diff options
author | Edward Thomson <ethomson@microsoft.com> | 2013-08-08 20:05:00 +0400 |
---|---|---|
committer | Edward Thomson <ethomson@microsoft.com> | 2013-08-08 21:32:23 +0400 |
commit | 57f31f058c29edfd7d6d810fcd4a964875e9d463 (patch) | |
tree | 382c686e0418eb707ea6d5ce9b7fe02ead03965e /src/index.c | |
parent | 5e96f31638fe71a0c76805b1352f437881791d98 (diff) |
Fixes to safely reading the index
Avoid wrapping around extension size when reading, avoid walking off
the end of the buffer when reading names.
Diffstat (limited to 'src/index.c')
-rw-r--r-- | src/index.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/index.c b/src/index.c index cbdd43bdc..5f53f1e2f 100644 --- a/src/index.c +++ b/src/index.c @@ -1371,7 +1371,7 @@ static int read_reuc(git_index *index, const char *buffer, size_t size) while (size) { git_index_reuc_entry *lost; - len = strlen(buffer) + 1; + len = p_strnlen(buffer, size) + 1; if (size <= len) return index_error_invalid("reading reuc entries"); @@ -1444,7 +1444,7 @@ static int read_conflict_names(git_index *index, const char *buffer, size_t size return -1; #define read_conflict_name(ptr) \ - len = strlen(buffer) + 1; \ + len = p_strnlen(buffer, size) + 1; \ if (size < len) \ return index_error_invalid("reading conflict name entries"); \ \ @@ -1571,7 +1571,8 @@ static size_t read_extension(git_index *index, const char *buffer, size_t buffer total_size = dest.extension_size + sizeof(struct index_extension); - if (buffer_size < total_size || + if (dest.extension_size > total_size || + buffer_size < total_size || buffer_size - total_size < INDEX_FOOTER_SIZE) return 0; |