Merge pull request #3956 from pks-t/pks/object-parsing-hardening

Object parsing hardening

2 files changed, 10 insertions, 4 deletions

diff --git a/src/commit.c b/src/commit.c
index 99a80855c..76e6dcbc9 100644
--- a/src/commit.c
+++ b/src/commit.c
@@ -459,10 +459,11 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
 	buffer = buffer_start + header_len + 1;
 
 	/* extract commit message */
-	if (buffer <= buffer_end) {
+	if (buffer <= buffer_end)
 		commit->raw_message = git__strndup(buffer, buffer_end - buffer);
-		GITERR_CHECK_ALLOC(commit->raw_message);
-	}
+	else
+		commit->raw_message = git__strdup("");
+	GITERR_CHECK_ALLOC(commit->raw_message);
 
 	return 0;
 
diff --git a/src/tree.c b/src/tree.c
index 5db2446bf..6008a9544 100644
--- a/src/tree.c
+++ b/src/tree.c
@@ -447,7 +447,12 @@ int git_tree__parse(void *_tree, git_odb_object *odb_obj)
 		if ((nul = memchr(buffer, 0, buffer_end - buffer)) == NULL)
 			return tree_error("Failed to parse tree. Object is corrupted", NULL);
 
-		filename_len = nul - buffer;
+		if ((filename_len = nul - buffer) == 0)
+			return tree_error("Failed to parse tree. Can't parse filename", NULL);
+
+		if ((buffer_end - (nul + 1)) < GIT_OID_RAWSZ)
+			return tree_error("Failed to parse tree. Can't parse OID", NULL);
+
 		/* Allocate the entry */
 		{
 			entry = git_array_alloc(tree->entries);