From b5ba7af2d30c958b090dcf135749d9afe89ec703 Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt <ps@pks.im>
Date: Thu, 9 Aug 2018 11:03:37 +0200
Subject: smart_pkt: fix "ng" parser accepting non-space character

When parsing "ng" packets, we blindly assume that the character
immediately following the "ng" prefix is a space and skip it. As the
calling function doesn't make sure that this is the case, we can thus
end up blindly accepting an invalid packet line.

Fix the issue by using `git__prefixncmp`, checking whether the line
starts with "ng ".
---
 src/transports/smart_pkt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/transports/smart_pkt.c b/src/transports/smart_pkt.c
index 1066bc3e1..3b145f834 100644
--- a/src/transports/smart_pkt.c
+++ b/src/transports/smart_pkt.c
@@ -306,9 +306,9 @@ static int ng_pkt(git_pkt **out, const char *line, size_t len)
 
 	eol = line + len;
 
-	if (len < 3)
+	if (git__prefixncmp(line, len, "ng "))
 		goto out_err;
-	line += 3; /* skip "ng " */
+	line += 3;
 
 	if (!(ptr = memchr(line, ' ', eol - line)))
 		goto out_err;
-- 
cgit v1.2.1