Fix buffer overflow in config parser

When interpreting a config value, the config parser reads in 1+ space character(s) and puts -one- space character in the buffer as soon as the first non-space character is encountered (if not inside quotes). Unfortunately the buffer size check lacks the extra space character which gets inserted at the next non-space character, resulting in a crash with a specially crafted config entry. The unit test now uses Java to compile a platform independent .NET framework to output the test string in C# :o) Read: Thanks to Johannes Sixt for the correct printf call which replaces the perl invocation. Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Thomas Jarosch <thomas.jarosch@intra2net.com> 2009-04-17 14:05:11 +0200
committer: Junio C Hamano <gitster@pobox.com> 2009-04-17 20:59:01 -0700
commit: e0b3cc0dffbc965ffa33155cbdcf8d44716c134c (patch)
tree: b6576c5a1c8415e977c9fb4d1eac2d7a8a2f9dc2 /config.c
parent: c6d8f7635f619f6576dccf17c1f1264d2cc37a2a (diff)
download: git-e0b3cc0dffbc965ffa33155cbdcf8d44716c134c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/config.c b/config.c
index 82807c83b2..b9b2ce8237 100644
--- a/config.c
+++ b/config.c
@@ -51,7 +51,7 @@ static char *parse_value(void)
 
 	for (;;) {
 		int c = get_next_char();
-		if (len >= sizeof(value))
+		if (len >= sizeof(value) - 1)
 			return NULL;
 		if (c == '\n') {
 			if (quote)
author	Thomas Jarosch <thomas.jarosch@intra2net.com>	2009-04-17 14:05:11 +0200
committer	Junio C Hamano <gitster@pobox.com>	2009-04-17 20:59:01 -0700
commit	e0b3cc0dffbc965ffa33155cbdcf8d44716c134c (patch)
tree	b6576c5a1c8415e977c9fb4d1eac2d7a8a2f9dc2 /config.c
parent	c6d8f7635f619f6576dccf17c1f1264d2cc37a2a (diff)
download	git-e0b3cc0dffbc965ffa33155cbdcf8d44716c134c.tar.gz