Commit a8356af8 by Patrick Steinhardt

smart_pkt: fix buffer overflow when parsing "unpack" packets

When checking whether an "unpack" packet returned the "ok" status or
not, we use a call to `git__prefixcmp`. In case where the passed line
isn't properly NUL terminated, though, this may overrun the line buffer.
Fix this by using `git__prefixncmp` instead.

(cherry picked from commit 5fabaca8)
parent 02e4b27f
...@@ -350,13 +350,11 @@ static int unpack_pkt(git_pkt **out, const char *line, size_t len) ...@@ -350,13 +350,11 @@ static int unpack_pkt(git_pkt **out, const char *line, size_t len)
{ {
git_pkt_unpack *pkt; git_pkt_unpack *pkt;
GIT_UNUSED(len);
pkt = git__malloc(sizeof(*pkt)); pkt = git__malloc(sizeof(*pkt));
GITERR_CHECK_ALLOC(pkt); GITERR_CHECK_ALLOC(pkt);
pkt->type = GIT_PKT_UNPACK; pkt->type = GIT_PKT_UNPACK;
if (!git__prefixcmp(line, "unpack ok"))
if (!git__prefixncmp(line, len, "unpack ok"))
pkt->unpack_ok = 1; pkt->unpack_ok = 1;
else else
pkt->unpack_ok = 0; pkt->unpack_ok = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment