author | Patrick Steinhardt <ps@pks.im> | 2018-10-05 10:56:02 +0200 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2018-10-05 11:03:52 +0200 |
commit | d06d4220eec035466d1a837972a40546b8904330 (patch) | |
tree | 39af49b4b10d79bbd3948c451ce79d22b0a6309b /src/config_file.c | |
parent | bf662f7cf8daff2357923446cf9d22f5d4b4a66b (diff) | |
config_file: properly ignore includes without "path" value

In case a configuration includes a key "include.path=" without any
value, the generated configuration entry will have its value set to
`NULL`. This is unexpected by the logic handling includes, and as soon
as we try to calculate the included path we will unconditionally
dereference that `NULL` pointer and thus segfault.

Fix the issue by returning early in both `parse_include` and
`parse_conditional_include` in case where the `file` argument is `NULL`.
Add a test to avoid future regression.

The issue has been found by the oss-fuzz project, issue 10810.
Diffstat (limited to 'src/config_file.c')
-rw-r--r-- | src/config_file.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/config_file.c b/src/config_file.c index e8740d35f..57db97d8b 100644 --- a/src/config_file.c +++ b/src/config_file.c @@ -664,6 +664,9 @@ static int parse_include(git_config_parser *reader, char *dir; int result; + if (!file) + return 0; + if ((result = git_path_dirname_r(&path, reader->file->path)) < 0) return result; @@ -765,7 +768,7 @@ static int parse_conditional_include(git_config_parser *reader, size_t i; int error = 0, matches; - if (!parse_data->repo) + if (!parse_data->repo || !file) return 0; condition = git__substrdup(section + strlen("includeIf."), |
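Review bot: The new `if (!file) return 0;` guard at the top of `parse_include` has no comment saying why `file` can be `NULL`, and the reason is not obvious from the function alone. A one-line comment stating that a valueless "include.path" key yields an entry with a `NULL` value, and that such includes are deliberately ignored rather than reported as an error, would keep a later cleanup from removing the check. The placement is right: the check sits before `git_path_dirname_r(&path, ...)`, so the early return leaves nothing to free.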
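Review bot: In `parse_conditional_include`, `if (!parse_data->repo || !file)` folds two unrelated conditions into one test: a missing repository and a valueless path key. Splitting them into two checks, or adding a short comment on the `!file` half, would make it clear that the second is input validation for fuzzer-reachable config content and not part of the repository precondition. The diff shown here is limited to `src/config_file.c`, so the test mentioned in the commit message is not visible; it should cover a valueless path under an `includeIf.` section as well as plain `include.path`, since both call sites changed.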