Files · bc349045b1be8fb3af2b02d8554483869e54d5b8 · lvzhengyang / git2

smart_pkt: fix buffer overflow when parsing "ACK" packets · bc349045

We are being quite lenient when parsing "ACK" packets. First, we didn't
correctly verify that we're not overrunning the provided buffer length,
which we fix here by using `git__prefixncmp` instead of
`git__prefixcmp`. Second, we do not verify that the actual contents make
any sense at all, as we simply ignore errors when parsing the ACKs OID
and any unknown status strings. This may result in a parsed packet
structure with invalid contents, which is being silently passed to the
caller. This is being fixed by performing proper input validation and
checking of return codes.

committed Oct 03, 2018

bc349045

Name	Last commit	Last update
.github		Loading commit data...
ci		Loading commit data...
cmake/Modules		Loading commit data...
deps		Loading commit data...
docs		Loading commit data...
examples		Loading commit data...
fuzzers		Loading commit data...
include		Loading commit data...
script		Loading commit data...
src		Loading commit data...
tests		Loading commit data...
.HEADER		Loading commit data...
.editorconfig		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
AUTHORS		Loading commit data...
CMakeLists.txt		Loading commit data...
COPYING		Loading commit data...
README.md		Loading commit data...
api.docurium		Loading commit data...
azure-pipelines.yml		Loading commit data...
git.git-authors		Loading commit data...
libgit2.pc.in		Loading commit data...
libgit2_clar.supp		Loading commit data...
package.json		Loading commit data...

README.md