diff options
author | Patrick Steinhardt <ps@pks.im> | 2018-10-19 10:29:19 +0200 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2018-10-26 14:35:16 +0200 |
commit | 052ab49abb179fa8334767c4025cba509fc28727 (patch) | |
tree | aba93ec6dead5401c3d776aa3c6961e544ad994e | |
parent | f122281fd6a8d0975ebd51da39a5c82ea8cd1b1d (diff) | |
download | libgit2-052ab49abb179fa8334767c4025cba509fc28727.tar.gz |
commit: fix reading out of bounds when parsing encoding
The commit message encoding is currently being parsed by the
`git__prefixcmp` function. As this function does not accept a buffer
length, it will happily skip over a buffer's end if it is not `NUL`
terminated.
Fix the issue by using `git__prefixncmp` instead. Add a test that
verifies that we are unable to parse the encoding field if it's cut off
by the supplied buffer length.
(cherry picked from commit 7655b2d89e8275853d9921dd903dcdad9b3d4a7b)
-rw-r--r-- | src/commit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/commit.c b/src/commit.c index 4a340058a..0ec989421 100644 --- a/src/commit.c +++ b/src/commit.c @@ -442,7 +442,7 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj) while (eoln < buffer_end && *eoln != '\n') ++eoln; - if (git__prefixcmp(buffer, "encoding ") == 0) { + if (git__prefixncmp(buffer, buffer_end - buffer, "encoding ") == 0) { buffer += strlen("encoding "); commit->message_encoding = git__strndup(buffer, eoln - buffer); |