From: Brandon Casey <casey@nrlssc.navy.mil>

The size parameter should be a size_t since it is a string length.

There is no reason that the buffer argument should not be constant except
for the nul termination that is performed in the first few lines of this
function. This is not necessary, since a valid c string must always be
nul terminated and we can check whether we have exceeded the caller's
size parameter at the end of parsing the buffer.

Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
---
 mktag.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/mktag.c b/mktag.c
index 0b34341..5489ad6 100644
--- a/mktag.c
+++ b/mktag.c
@@ -39,7 +39,7 @@ static int verify_object(unsigned char *sha1, const char *expected_type)
 #define PD_FMT "%td"
 #endif
 
-static int verify_tag(char *buffer, unsigned long size)
+static int verify_tag(const char *buffer, size_t size)
 {
 	int typelen;
 	char type[20];
@@ -50,8 +50,6 @@ static int verify_tag(char *buffer, unsigned long size)
 	if (size < 84)
 		return error("wanna fool me ? you obviously got the size wrong !");
 
-	buffer[size] = 0;
-
 	/* Verify object line */
 	object = buffer;
 	if (memcmp(object, "object ", 7))
@@ -145,6 +143,13 @@ static int verify_tag(char *buffer, unsigned long size)
 		return error("char" PD_FMT ": trailing garbage in tag header",
 			tagger_line - buffer);
 
+	/*
+	 * Make sure we haven't advanced past what the caller said the
+	 * buffer size was.
+	 */
+	if (tagger_line - buffer >= size)
+		return error("char" PD_FMT ": tag truncated", size);
+
 	/* The actual stuff afterwards we don't care about.. */
 	return 0;
 }
-- 
1.5.5.67.g9a49

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html