config_file: check if section header buffer runs out of memory

While parsing section headers, we use a buffer to store the actual section name. We do not check though if the buffer runs out of memory at any stage. Do so.
author: Patrick Steinhardt <ps@pks.im> 2017-03-20 09:34:41 +0100
committer: Patrick Steinhardt <ps@pks.im> 2017-03-21 15:48:15 +0100
commit: 2cf48e13262921c2c6e38668c1ea54d93c2117c8 (patch)
tree: 15cc201f206ea66e06a3a0cd4e84924998746f3e
parent: ff8d2eb15f145640c3b54755b460a06b24f0ca0e (diff)
download: libgit2-2cf48e13262921c2c6e38668c1ea54d93c2117c8.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/src/config_file.c b/src/config_file.c
index cd5727c05..50c5a3d82 100644
--- a/src/config_file.c
+++ b/src/config_file.c
@@ -1041,8 +1041,9 @@ static int parse_section_header_ext(struct reader *reader, const char *line, con
 	GITERR_CHECK_ALLOC_ADD(&alloc_len, base_name_len, quoted_len);
 	GITERR_CHECK_ALLOC_ADD(&alloc_len, alloc_len, 2);
 
-	git_buf_grow(&buf, alloc_len);
-	git_buf_printf(&buf, "%s.", base_name);
+	if (git_buf_grow(&buf, alloc_len) < 0 ||
+	    git_buf_printf(&buf, "%s.", base_name) < 0)
+		goto end_parse;
 
 	rpos = 0;
 
@@ -1082,6 +1083,11 @@ static int parse_section_header_ext(struct reader *reader, const char *line, con
 	} while (line + rpos < last_quote);
 
 end_parse:
+	if (git_buf_oom(&buf)) {
+		git_buf_free(&buf);
+		return -1;
+	}
+
 	if (line[rpos] != '"' || line[rpos + 1] != ']') {
 		set_parse_error(reader, rpos, "Unexpected text after closing quotes");
 		git_buf_free(&buf);
author	Patrick Steinhardt <ps@pks.im>	2017-03-20 09:34:41 +0100
committer	Patrick Steinhardt <ps@pks.im>	2017-03-21 15:48:15 +0100
commit	2cf48e13262921c2c6e38668c1ea54d93c2117c8 (patch)
tree	15cc201f206ea66e06a3a0cd4e84924998746f3e
parent	ff8d2eb15f145640c3b54755b460a06b24f0ca0e (diff)
download	libgit2-2cf48e13262921c2c6e38668c1ea54d93c2117c8.tar.gz