Files · 3db1af1f370295ad5355b8f64b865a2a357bcac0 · lvzhengyang / git2

index: error out on unreasonable prefix-compressed path lengths · 3db1af1f

When computing the complete path length from the encoded
prefix-compressed path, we end up just allocating the complete path
without ever checking what the encoded path length actually is. This can
easily lead to a denial of service by just encoding an unreasonable long
path name inside of the index. Git already enforces a maximum path
length of 4096 bytes. As we also have that enforcement ready in some
places, just make sure that the resulting path is smaller than
GIT_PATH_MAX.

Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>

committed Mar 10, 2018

3db1af1f

Name	Last commit	Last update
.github		Loading commit data...
cmake/Modules		Loading commit data...
deps		Loading commit data...
docs		Loading commit data...
examples		Loading commit data...
include		Loading commit data...
script		Loading commit data...
src		Loading commit data...
tests		Loading commit data...
.HEADER		Loading commit data...
.editorconfig		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
.travis.yml		Loading commit data...
AUTHORS		Loading commit data...
CHANGELOG.md		Loading commit data...
CMakeLists.txt		Loading commit data...
CODE_OF_CONDUCT.md		Loading commit data...
CONTRIBUTING.md		Loading commit data...
CONVENTIONS.md		Loading commit data...
COPYING		Loading commit data...
PROJECTS.md		Loading commit data...
README.md		Loading commit data...
THREADING.md		Loading commit data...
TROUBLESHOOTING.md		Loading commit data...
api.docurium		Loading commit data...
appveyor.yml		Loading commit data...
git.git-authors		Loading commit data...
libgit2.pc.in		Loading commit data...
libgit2_clar.supp		Loading commit data...

README.md