author | Patrick Steinhardt <ps@pks.im> | 2017-03-20 09:34:41 +0100 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2017-03-21 15:48:15 +0100 |
commit | 2cf48e13262921c2c6e38668c1ea54d93c2117c8 (patch) | |
tree | 15cc201f206ea66e06a3a0cd4e84924998746f3e | |
parent | ff8d2eb15f145640c3b54755b460a06b24f0ca0e (diff) | |
download | libgit2-2cf48e13262921c2c6e38668c1ea54d93c2117c8.tar.gz |
config_file: check if section header buffer runs out of memory
While parsing section headers, we use a buffer to store the actual
section name. We do not check though if the buffer runs out of memory at
any stage. Do so.
-rw-r--r-- | src/config_file.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/config_file.c b/src/config_file.c
index cd5727c05..50c5a3d82 100644
--- a/src/config_file.c
+++ b/src/config_file.c
@@ -1041,8 +1041,9 @@ static int parse_section_header_ext(struct reader *reader, const char *line, con
 GITERR_CHECK_ALLOC_ADD(&alloc_len, base_name_len, quoted_len);
 GITERR_CHECK_ALLOC_ADD(&alloc_len, alloc_len, 2);
- git_buf_grow(&buf, alloc_len);
- git_buf_printf(&buf, "%s.", base_name);
+ if (git_buf_grow(&buf, alloc_len) < 0 ||
+ git_buf_printf(&buf, "%s.", base_name) < 0)
+ goto end_parse;
 rpos = 0;
@@ -1082,6 +1083,11 @@ static int parse_section_header_ext(struct reader *reader, const char *line, con
 } while (line + rpos < last_quote);
 end_parse:
+ if (git_buf_oom(&buf)) {
+ git_buf_free(&buf);
+ return -1;
+ }
+
 if (line[rpos] != '"' || line[rpos + 1] != ']') {
 set_parse_error(reader, rpos, "Unexpected text after closing quotes");
 git_buf_free(&buf);
 |
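Review bot: The new `goto end_parse` in the first hunk leaves before `rpos = 0;` has run, so the label is reached with `rpos` unset unless its declaration, which is outside the hunk, initializes it. That is safe only because the second hunk tests `git_buf_oom(&buf)` before `line[rpos]` is read, and only if every negative return from `git_buf_grow` or `git_buf_printf` also leaves the buffer in its out-of-memory state. Failing at the call site would remove that dependency: give the `if` a braced body of `git_buf_free(&buf);` and `return -1;` instead of the jump, or move `rpos = 0;` above the allocation. The function starts and ends outside both hunks.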
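Review bot: The `git_buf_oom` test added at `end_parse` in the second hunk has no comment, although it does two jobs: it catches the early exit from the first hunk and any allocation failure from buffer appends made inside the loop, whose body is outside this hunk. Its position ahead of the `line[rpos]` check matters, because a later reordering would read through an index that may not be set. I would add `/* Must stay first: buf may have failed to allocate, and rpos may be unset on the early exit. */` above the `if`. This branch also returns without calling `set_parse_error`, unlike the branch below it; presumably the buffer code has already recorded the out-of-memory error, which is worth confirming.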