diff options
author | Patrick Steinhardt <ps@pks.im> | 2018-03-08 12:36:46 +0000 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2018-03-10 10:24:18 +0000 |
commit | 3db1af1f370295ad5355b8f64b865a2a357bcac0 (patch) | |
tree | 190b1aa43dcdd197ef1ade1d886fb6870b22a829 | |
parent | 3207ddb0103543da8ad2139ec6539f590f9900c1 (diff) | |
download | libgit2-3db1af1f370295ad5355b8f64b865a2a357bcac0.tar.gz |
index: error out on unreasonable prefix-compressed path lengths
When computing the complete path length from the encoded
prefix-compressed path, we end up just allocating the complete path
without ever checking what the encoded path length actually is. This can
easily lead to a denial of service by just encoding an unreasonable long
path name inside of the index. Git already enforces a maximum path
length of 4096 bytes. As we also have that enforcement ready in some
places, just make sure that the resulting path is smaller than
GIT_PATH_MAX.
Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
-rw-r--r-- | src/index.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/index.c b/src/index.c index 20586f52c..a867547fb 100644 --- a/src/index.c +++ b/src/index.c @@ -2379,6 +2379,10 @@ static int read_entry( GITERR_CHECK_ALLOC_ADD(&path_len, prefix_len, suffix_len); GITERR_CHECK_ALLOC_ADD(&path_len, path_len, 1); + + if (path_len > GIT_PATH_MAX) + return index_error_invalid("unreasonable path length"); + tmp_path = git__malloc(path_len); GITERR_CHECK_ALLOC(tmp_path); |