When computing the complete path length from the encoded prefix-compressed path, we end up just allocating the complete path without ever checking what the encoded path length actually is. This can easily lead to a denial of service by just encoding an unreasonable long path name inside of the index. Git already enforces a maximum path length of 4096 bytes. As we also have that enforcement ready in some places, just make sure that the resulting path is smaller than GIT_PATH_MAX. Reported-by: Krishna Ram Prakash R <krp@gtux.in> Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
Name |
Last commit
|
Last update |
---|---|---|
.github | Loading commit data... | |
cmake/Modules | Loading commit data... | |
deps | Loading commit data... | |
docs | Loading commit data... | |
examples | Loading commit data... | |
include | Loading commit data... | |
script | Loading commit data... | |
src | Loading commit data... | |
tests | Loading commit data... | |
.HEADER | Loading commit data... | |
.editorconfig | Loading commit data... | |
.gitattributes | Loading commit data... | |
.gitignore | Loading commit data... | |
.mailmap | Loading commit data... | |
.travis.yml | Loading commit data... | |
AUTHORS | Loading commit data... | |
CHANGELOG.md | Loading commit data... | |
CMakeLists.txt | Loading commit data... | |
CODE_OF_CONDUCT.md | Loading commit data... | |
CONTRIBUTING.md | Loading commit data... | |
CONVENTIONS.md | Loading commit data... | |
COPYING | Loading commit data... | |
PROJECTS.md | Loading commit data... | |
README.md | Loading commit data... | |
THREADING.md | Loading commit data... | |
TROUBLESHOOTING.md | Loading commit data... | |
api.docurium | Loading commit data... | |
appveyor.yml | Loading commit data... | |
git.git-authors | Loading commit data... | |
libgit2.pc.in | Loading commit data... | |
libgit2_clar.supp | Loading commit data... |