diff options
author | Patrick Steinhardt <ps@pks.im> | 2016-10-07 09:18:55 +0200 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2016-10-07 09:18:55 +0200 |
commit | 4974e3a59648095ffa6fce6c5b651a820c0c34b9 (patch) | |
tree | 44da990a27e6ed05f83491ac158df44200eb6df0 | |
parent | a08e88259fe7ef3d7514a4774acd6eec5a6a2ca7 (diff) | |
download | libgit2-4974e3a59648095ffa6fce6c5b651a820c0c34b9.tar.gz |
tree: validate filename and OID length when parsing object
When parsing tree entries from raw object data, we do not verify
that the tree entry actually has a filename as well as a valid
object ID. Fix this by asserting that the filename length is
non-zero as well as asserting that there are at least
`GIT_OID_RAWSZ` bytes left when parsing the OID.
-rw-r--r-- | src/tree.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/tree.c b/src/tree.c index 5db2446bf..6008a9544 100644 --- a/src/tree.c +++ b/src/tree.c @@ -447,7 +447,12 @@ int git_tree__parse(void *_tree, git_odb_object *odb_obj) if ((nul = memchr(buffer, 0, buffer_end - buffer)) == NULL) return tree_error("Failed to parse tree. Object is corrupted", NULL); - filename_len = nul - buffer; + if ((filename_len = nul - buffer) == 0) + return tree_error("Failed to parse tree. Can't parse filename", NULL); + + if ((buffer_end - (nul + 1)) < GIT_OID_RAWSZ) + return tree_error("Failed to parse tree. Can't parse OID", NULL); + /* Allocate the entry */ { entry = git_array_alloc(tree->entries); |