diff options
author | Patrick Steinhardt <ps@pks.im> | 2016-11-15 11:36:27 +0100 |
---|---|---|
committer | Edward Thomson <ethomson@github.com> | 2017-01-06 17:11:44 +0000 |
commit | 66e3774d279672ee51c3b54545a79d20d1ada834 (patch) | |
tree | e6334344180683b99c2cfd5c115b03bd1af40dbb /src/hash/hash_generic.h | |
parent | 75db289a041b1f1084768244e167b953ac7eeaa5 (diff) | |
download | libgit2-66e3774d279672ee51c3b54545a79d20d1ada834.tar.gz |
smart_pkt: verify packet length exceeds PKT_LEN_SIZE
Each packet line in the Git protocol is prefixed by a four-byte
length of how much data will follow, which we parse in
`git_pkt_parse_line`. The transmitted length can either be equal
to zero in case of a flush packet or has to be at least of length
four, as it also includes the encoded length itself. Not
checking this may result in a buffer overflow as we directly pass
the length to functions which accept a `size_t` length as
parameter.
Fix the issue by verifying that non-flush packets have at least a
length of `PKT_LEN_SIZE`.
Diffstat (limited to 'src/hash/hash_generic.h')
0 files changed, 0 insertions, 0 deletions