8000 transport: safely handle messages with no caps · libgit2/libgit2@1619a0a · GitHub
[go: up one dir, main page]
Skip to content

Commit 1619a0a

Browse files
ethomsonethomson
committed
transport: safely handle messages with no caps
If there are no caps, don't try to advance past the first NULL to look for object-format. This prevents a possible out-of-bounds read.
1 parent e632535 commit 1619a0a

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

src/libgit2/transports/smart_pkt.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -226,7 +226,8 @@ static int set_data(
226226

227227
GIT_ASSERT_ARG(data);
228228

229-
if ((caps = memchr(line, '\0', len)) != NULL) {
229+
if ((caps = memchr(line, '\0', len)) != NULL &&
230+
len > (size_t)((caps - line) + 1)) {
230231
caps++;
231232

232233
if (strncmp(caps, "object-format=", CONST_STRLEN("object-format=")) == 0)

0 commit comments

Comments
 (0)
0