commit_list: avoid use of strtol64 without length limit

When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem.
author: Patrick Steinhardt <ps@pks.im> 2018-10-18 11:25:59 +0200
committer: Patrick Steinhardt <ps@pks.im> 2018-10-18 11:25:59 +0200
commit: 1a3fa1f5fafd433bdcf1834426d6963eff532125 (patch)
tree: 11ea3c4dc0c69563422cb8bb41891170f0965e9c
parent: f010b66bf693d22560fd1af584d325a8da42b416 (diff)
download: libgit2-1a3fa1f5fafd433bdcf1834426d6963eff532125.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/src/commit_list.c b/src/commit_list.c
index 96bd9dc15..b4313eed2 100644
--- a/src/commit_list.c
+++ b/src/commit_list.c
@@ -171,7 +171,9 @@ static int commit_quick_parse(
 			buffer--;
 	}
 
-	if ((buffer == committer_start) || (git__strtol64(&commit_time, (char *)(buffer + 1), NULL, 10) < 0))
+	if ((buffer == committer_start) ||
+	    (git__strntol64(&commit_time, (char *)(buffer + 1),
+			    buffer_end - buffer + 1, NULL, 10) < 0))
 		return commit_error(commit, "cannot parse commit time");
 
 	commit->time = commit_time;
author	Patrick Steinhardt <ps@pks.im>	2018-10-18 11:25:59 +0200
committer	Patrick Steinhardt <ps@pks.im>	2018-10-18 11:25:59 +0200
commit	1a3fa1f5fafd433bdcf1834426d6963eff532125 (patch)
tree	11ea3c4dc0c69563422cb8bb41891170f0965e9c
parent	f010b66bf693d22560fd1af584d325a8da42b416 (diff)
download	libgit2-1a3fa1f5fafd433bdcf1834426d6963eff532125.tar.gz