Skip to content

G
git2
Unverified Commit 9ada072e by Patrick Steinhardt Committed by GitHub
Options

Merge pull request #4758 from pks-t/pks/smart-pkt-oob-read 

smart_pkt: fix potential OOB-read when processing ng packet
parents c9ad2506 19bed3e2
Showing with 8 additions and 2 deletions
src/transports/smart_pkt.c
...@@ -291,8 +291,11 @@ static int ng_pkt(git_pkt **out, const char *line, size_t len) ...@@ -291,8 +291,11 @@ static int ng_pkt(git_pkt **out, const char *line, size_t len)
pkt->ref = NULL; pkt->ref = NULL;
pkt->type = GIT_PKT_NG; pkt->type = GIT_PKT_NG;
if (len < 3)
goto out_err;
line += 3; /* skip "ng " */ line += 3; /* skip "ng " */
if (!(ptr = strchr(line, ' '))) len -= 3;
if (!(ptr = memchr(line, ' ', len)))
goto out_err; goto out_err;
len = ptr - line; len = ptr - line;
...@@ -303,8 +306,11 @@ static int ng_pkt(git_pkt **out, const char *line, size_t len) ...@@ -303,8 +306,11 @@ static int ng_pkt(git_pkt **out, const char *line, size_t len)
memcpy(pkt->ref, line, len); memcpy(pkt->ref, line, len);
pkt->ref[len] = '\0'; pkt->ref[len] = '\0';
if (len < 1)
goto out_err;
line = ptr + 1; line = ptr + 1;
if (!(ptr = strchr(line, '\n'))) len -= 1;
if (!(ptr = memchr(line, '\n', len)))
goto out_err; goto out_err;
len = ptr - line; len = ptr - line;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment