diff options
author | Patrick Steinhardt <ps@pks.im> | 2018-10-19 10:29:19 +0200 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2018-10-26 14:20:35 +0200 |
commit | 4f0e5f70166e9e73b24bb7088f82d4297af24818 (patch) | |
tree | db40622ce3533354d0f3fb578cb6f6aa2bb14819 | |
parent | 6e40bb3add388860eaf7b2cfec984cf396f10e30 (diff) | |
download | libgit2-4f0e5f70166e9e73b24bb7088f82d4297af24818.tar.gz |
commit: fix reading out of bounds when parsing encoding
The commit message encoding is currently being parsed by the
`git__prefixcmp` function. As this function does not accept a buffer
length, it will happily skip over a buffer's end if it is not `NUL`
terminated.
Fix the issue by using `git__prefixncmp` instead. Add a test that
verifies that we are unable to parse the encoding field if it's cut off
by the supplied buffer length.
(cherry picked from commit 7655b2d89e8275853d9921dd903dcdad9b3d4a7b)
-rw-r--r-- | src/commit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/commit.c b/src/commit.c index 838688bb8..8972c077d 100644 --- a/src/commit.c +++ b/src/commit.c @@ -443,7 +443,7 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj) while (eoln < buffer_end && *eoln != '\n') ++eoln; - if (git__prefixcmp(buffer, "encoding ") == 0) { + if (git__prefixncmp(buffer, buffer_end - buffer, "encoding ") == 0) { buffer += strlen("encoding "); commit->message_encoding = git__strndup(buffer, eoln - buffer); |