authorPatrick Steinhardt <ps@pks.im>2018-10-18 11:25:59 +0200
committerPatrick Steinhardt <ps@pks.im>2018-10-26 14:35:16 +0200
commit2b32806bc4734cb4e1f450276e98ff362b5224d3 (patch)
tree96082562729284073c4aa82f881c272d6124adf3
parent53b4c4ae333bd8c2f51ad52c9accd3526425570b (diff)
downloadlibgit2-2b32806bc4734cb4e1f450276e98ff362b5224d3.tar.gz
commit_list: avoid use of strtol64 without length limit
When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem. (cherry picked from commit 1a3fa1f5fafd433bdcf1834426d6963eff532125)
-rw-r--r--src/commit_list.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/commit_list.c b/src/commit_list.c
index 3bba58c27..7df79bfd6 100644
--- a/src/commit_list.c
+++ b/src/commit_list.c
@@ -171,7 +171,9 @@ static int commit_quick_parse(
buffer--;
}
- if ((buffer == committer_start) || (git__strtol64(&commit_time, (char *)(buffer + 1), NULL, 10) < 0))
+ if ((buffer == committer_start) ||
+ (git__strntol64(&commit_time, (char *)(buffer + 1),
+ buffer_end - buffer + 1, NULL, 10) < 0))
return commit_error(commit, "cannot parse commit time");
commit->time = commit_time;
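Review bot: The length passed to `git__strntol64` looks two bytes too large, because parsing starts at `buffer + 1` but the bound is written as `buffer_end - buffer + 1`. If `buffer_end` points one past the last byte of the object data (its definition is outside this hunk, so this should be confirmed), the bytes left from the start pointer are `buffer_end - (buffer + 1)`. With the current expression, a commit object that ends in digits without a terminator could still be read slightly past its end, which is the out-of-bounds read this change is meant to close. I would write the argument as `buffer_end - (buffer + 1)` and add a test with an unterminated object whose last bytes are the committer timestamp. The body of `commit_quick_parse` starts and continues outside the hunk.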