| author | Nguyễn Thái Ngọc Duy <pclouds@gmail.com> | 2011-08-18 20:36:03 +0700 | 
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2011-08-18 12:25:54 -0700 | 
| commit | ec099546a9afdb73b6bf39d5d684e6fb207e2a7f (patch) | |
| tree | 4165f093c23fe5ea472eba86ab77ce65ffcf3e6d | |
| parent | a47a645e7057f28441f0f4b259db11171158553a (diff) | |
| download | git-ec099546a9afdb73b6bf39d5d684e6fb207e2a7f.tar.gz | |
fetch-pack: check for valid commit from server
A malicious server can return ACK with non-existent SHA-1 or not a
commit. lookup_commit() in this case may return NULL. Do not let
fetch-pack crash by accessing NULL address in this case.
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | builtin/fetch-pack.c | 2 | 
1 files changed, 2 insertions, 0 deletions
| diff --git a/builtin/fetch-pack.c b/builtin/fetch-pack.c index 4367984102..3c871c2da8 100644 --- a/builtin/fetch-pack.c +++ b/builtin/fetch-pack.c @@ -395,6 +395,8 @@ static int find_common(int fd[2], unsigned char *result_sha1,  				case ACK_continue: {  					struct commit *commit =  						lookup_commit(result_sha1); +					if (!commit) +						die("invalid commit %s", sha1_to_hex(result_sha1));  					if (args.stateless_rpc  					 && ack == ACK_common  					 && !(commit->object.flags & COMMON)) { | 
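Review bot: the message in the new `die("invalid commit %s", sha1_to_hex(result_sha1));` under `case ACK_continue:` in find_common() does not say that the SHA-1 came from the server's ACK, so a user who hits it cannot tell a hostile or broken remote from local repository damage. Consider wording the message so it names the ACK as the source. The commit message lists two inputs (a non-existent SHA-1 and an object that is not a commit), while the check only handles a NULL return from lookup_commit(); a short comment or a sentence in the log stating which of those inputs actually produce NULL would make the coverage clear. The diffstat shows only builtin/fetch-pack.c changed, so a test that feeds fetch-pack an ACK for a non-commit object would help keep the dereference of `commit->object.flags` from regressing.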
