pkt: make sure we really only read the length

A pkt-line's length are described in its first four bytes in ASCII hex. Copy this substring to another string before feeding it to git__strtol32. Otherwise, it will read the whole hash. Signed-off-by: Carlos Martín Nieto <carlos@cmartin.tk>
author: Carlos Martín Nieto <carlos@cmartin.tk> 2011-06-06 14:19:47 +0200
committer: Carlos Martín Nieto <carlos@cmartin.tk> 2011-06-26 18:18:12 +0200
commit: 78fae47878111dd9833345fa622bafb51e5d69b5 (patch)
tree: 238d5065e421c38069403fb8d9b75ae4ee44f24a
parent: 1d27446c603cbad306a8f294fb835ed3db8697b9 (diff)
download: libgit2-78fae47878111dd9833345fa622bafb51e5d69b5.tar.gz
1 files changed, 16 insertions, 3 deletions
diff --git a/src/pkt.c b/src/pkt.c
index bf460e55d..782b88569 100644
--- a/src/pkt.c
+++ b/src/pkt.c
@@ -61,14 +61,27 @@ int git_pkt_parse_line(git_pkt **head, const char *line, const char **out)
 {
 	int error = GIT_SUCCESS;
 	long int len;
+	const int num_len = 4;
+	char *num;
 	const char *num_end;
 	git_pkt *pkt;
 
-	error = git__strtol32(&len, line, &num_end, 16);
-	if (error < GIT_SUCCESS)
+	num = git__strndup(line, num_len);
+	if (num == NULL)
+		return GIT_ENOMEM;
+
+	error = git__strtol32(&len, num, &num_end, 16);
+	if (error < GIT_SUCCESS) {
+		free(num);
 		return error;
+	}
+	if (num_end - num != num_len) {
+		free(num);
+		return git__throw(GIT_EOBJCORRUPTED, "Wrong pkt length");
+	}
+	free(num);
 
-	line = num_end;
+	line += num_len;
 	/*
 	 * TODO: How do we deal with empty lines? Try again? with the next
 	 * line?
author	Carlos Martín Nieto <carlos@cmartin.tk>	2011-06-06 14:19:47 +0200
committer	Carlos Martín Nieto <carlos@cmartin.tk>	2011-06-26 18:18:12 +0200
commit	78fae47878111dd9833345fa622bafb51e5d69b5 (patch)
tree	238d5065e421c38069403fb8d9b75ae4ee44f24a
parent	1d27446c603cbad306a8f294fb835ed3db8697b9 (diff)
download	libgit2-78fae47878111dd9833345fa622bafb51e5d69b5.tar.gz