diff options
author | Martin Koegler <mkoegler@auto.tuwien.ac.at> | 2008-01-06 18:21:10 +0100 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2008-01-06 18:41:44 -0800 |
commit | 64cc1c0909949fa2866ad71ad2d1ab7ccaa673d9 (patch) | |
tree | 38dc3d651f1edfacaff677744056e9870b8f27ea /git.spec.in | |
parent | 47ee06f1224cc355d0d5fffb0a65b831790b2845 (diff) | |
download | git-64cc1c0909949fa2866ad71ad2d1ab7ccaa673d9.tar.gz |
tree-walk: don't parse incorrect entries
The current code can access memory outside of the tree buffer in the
case of malformed tree entries.
This patch prevents this by:
* The rest of the buffer must be at least 24 bytes (at least 1 byte
mode, 1 blank, at least one byte path name, 1 NUL, 20 bytes sha1).
* Check that the last NUL (21 bytes before the end) is present.
This ensures that strlen() and get_mode() calls stay within the
buffer.
* The mode may not be empty. We have only to reject a blank at the
begin, as the rest is handled by if (c < '0' || c > '7').
* The blank is ensured by get_mode().
* The path must contain at least one character.
Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'git.spec.in')
0 files changed, 0 insertions, 0 deletions