Files · 3db9aa6f79711103a331a2bbbd044a3c37d4f136 · lvzhengyang / git2

signature: avoid out-of-bounds reads when parsing signature dates · 3db9aa6f

We use `git__strtol64` and `git__strtol32` to parse the trailing commit
or author date and timezone of signatures. As signatures are usually
part of a commit or tag object and thus essentially untrusted data, the
buffer may be misformatted and may not be `NUL` terminated. This may
lead to an out-of-bounds read.

Fix the issue by using `git__strntol64` and `git__strntol32` instead.

committed Oct 18, 2018

3db9aa6f

Name	Last commit	Last update
.github		Loading commit data...
ci		Loading commit data...
cmake/Modules		Loading commit data...
deps		Loading commit data...
docs		Loading commit data...
examples		Loading commit data...
fuzzers		Loading commit data...
include		Loading commit data...
script		Loading commit data...
src		Loading commit data...
tests		Loading commit data...
.HEADER		Loading commit data...
.editorconfig		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
AUTHORS		Loading commit data...
CMakeLists.txt		Loading commit data...
COPYING		Loading commit data...
README.md		Loading commit data...
api.docurium		Loading commit data...
azure-pipelines.yml		Loading commit data...
git.git-authors		Loading commit data...
libgit2.pc.in		Loading commit data...
libgit2_clar.supp		Loading commit data...
package.json		Loading commit data...

README.md