Home » Mailing list archives » git » 2008 » February » 18

[PATCH 01/12] read_object_with_reference: don't read beyond the buffer

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Martin Koegler <mkoegler@...>
To: Junio C Hamano <gitster@...>
Cc: <git@...>, Martin Koegler <mkoegler@...>
Subject: [PATCH 01/12] read_object_with_reference: don't read beyond the buffer
Date: Monday, February 18, 2008 - 4:47 pm

Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at>
---
 sha1_file.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/sha1_file.c b/sha1_file.c
index 4179949..d9da7c8 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -1943,7 +1943,8 @@ void *read_object_with_reference(const unsigned char *sha1,
 		}
 		ref_length = strlen(ref_type);
 
-		if (memcmp(buffer, ref_type, ref_length) ||
+		if (ref_length + 40 > isize ||
+		    memcmp(buffer, ref_type, ref_length) ||
 		    get_sha1_hex((char *) buffer + ref_length, actual_sha1)) {
 			free(buffer);
 			return NULL;
-- 
1.5.4.1.g96b77

-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH 01/12] read_object_with_reference: don't read beyond ..., Martin Koegler, (Mon Feb 18, 4:47 pm)
[PATCH 02/12] get_sha1_oneline: check return value of parse_..., Martin Koegler, (Mon Feb 18, 4:47 pm)
[PATCH 03/12] mark_blob/tree_uninteresting: check for NULL, Martin Koegler, (Mon Feb 18, 4:47 pm)
[PATCH 04/12] add_one_tree: handle NULL from lookup_tree, Martin Koegler, (Mon Feb 18, 4:47 pm)
[PATCH 05/12] process_tree/blob: check for NULL, Martin Koegler, (Mon Feb 18, 4:47 pm)