From 7655b2d89e8275853d9921dd903dcdad9b3d4a7b Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Fri, 19 Oct 2018 10:29:19 +0200 Subject: commit: fix reading out of bounds when parsing encoding The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length. --- src/commit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/commit.c') diff --git a/src/commit.c b/src/commit.c index 97ac2a189..bda5a8b42 100644 --- a/src/commit.c +++ b/src/commit.c @@ -444,7 +444,7 @@ int git_commit__parse_raw(void *_commit, const char *data, size_t size) while (eoln < buffer_end && *eoln != '\n') ++eoln; - if (git__prefixcmp(buffer, "encoding ") == 0) { + if (git__prefixncmp(buffer, buffer_end - buffer, "encoding ") == 0) { buffer += strlen("encoding "); commit->message_encoding = git__strndup(buffer, eoln - buffer); -- cgit v1.2.1