Fixes to safely reading the index

Avoid wrapping around extension size when reading, avoid walking off the end of the buffer when reading names.
author: Edward Thomson <ethomson@microsoft.com> 2013-08-08 20:05:00 +0400
committer: Edward Thomson <ethomson@microsoft.com> 2013-08-08 21:32:23 +0400
commit: 57f31f058c29edfd7d6d810fcd4a964875e9d463 (patch)
tree: 382c686e0418eb707ea6d5ce9b7fe02ead03965e /src/index.c
parent: 5e96f31638fe71a0c76805b1352f437881791d98 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/index.c b/src/index.c
index cbdd43bdc..5f53f1e2f 100644
--- a/src/index.c
+++ b/src/index.c
@@ -1371,7 +1371,7 @@ static int read_reuc(git_index *index, const char *buffer, size_t size)
 	while (size) {
 		git_index_reuc_entry *lost;
 
-		len = strlen(buffer) + 1;
+		len = p_strnlen(buffer, size) + 1;
 		if (size <= len)
 			return index_error_invalid("reading reuc entries");
 
@@ -1444,7 +1444,7 @@ static int read_conflict_names(git_index *index, const char *buffer, size_t size
 		return -1;
 
 #define read_conflict_name(ptr) \
-	len = strlen(buffer) + 1; \
+	len = p_strnlen(buffer, size) + 1; \
 	if (size < len) \
 		return index_error_invalid("reading conflict name entries"); \
 	\
@@ -1571,7 +1571,8 @@ static size_t read_extension(git_index *index, const char *buffer, size_t buffer
 
 	total_size = dest.extension_size + sizeof(struct index_extension);
 
-	if (buffer_size < total_size ||
+	if (dest.extension_size > total_size ||
+		buffer_size < total_size ||
 		buffer_size - total_size < INDEX_FOOTER_SIZE)
 		return 0;
author	Edward Thomson <ethomson@microsoft.com>	2013-08-08 20:05:00 +0400
committer	Edward Thomson <ethomson@microsoft.com>	2013-08-08 21:32:23 +0400
commit	57f31f058c29edfd7d6d810fcd4a964875e9d463 (patch)
tree	382c686e0418eb707ea6d5ce9b7fe02ead03965e /src/index.c
parent	5e96f31638fe71a0c76805b1352f437881791d98 (diff)