diff options
| author | Patrick Steinhardt <ps@pks.im> | 2018-08-09 11:03:37 +0200 |
|---|---|---|
| committer | Patrick Steinhardt <ps@pks.im> | 2018-10-03 16:09:38 +0200 |
| commit | b5ba7af2d30c958b090dcf135749d9afe89ec703 (patch) | |
| tree | eeddf2ff34a9b6f7b5f2ef0b76dc471ef75fc09f | |
| parent | a9f1ca09178af0640963e069a2142d5ced53f0b4 (diff) | |
| download | libgit2-b5ba7af2d30c958b090dcf135749d9afe89ec703.tar.gz | |
smart_pkt: fix "ng" parser accepting non-space character
When parsing "ng" packets, we blindly assume that the character
immediately following the "ng" prefix is a space and skip it. As the
calling function doesn't make sure that this is the case, we can thus
end up blindly accepting an invalid packet line.
Fix the issue by using `git__prefixncmp`, checking whether the line
starts with "ng ".
| -rw-r--r-- | src/transports/smart_pkt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/transports/smart_pkt.c b/src/transports/smart_pkt.c index 1066bc3e1..3b145f834 100644 --- a/src/transports/smart_pkt.c +++ b/src/transports/smart_pkt.c @@ -306,9 +306,9 @@ static int ng_pkt(git_pkt **out, const char *line, size_t len) eol = line + len; - if (len < 3) + if (git__prefixncmp(line, len, "ng ")) goto out_err; - line += 3; /* skip "ng " */ + line += 3; if (!(ptr = memchr(line, ' ', eol - line))) goto out_err; |