undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

parse_tag_buffer: don't parse invalid tags

Browse Source 
The current tag parsing code can access memory outside the tag buffer,
if \n are missing. This patch prevent this behaviour.

Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Martin Koegler 2008-01-06 20:03:10 +01:00 committed by Junio C Hamano
parent 5162e69732
commit a0393ef676
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tag.c
View File

@ -39,6 +39,7 @@ int parse_tag_buffer(struct tag *item, void *data, unsigned long size)
unsigned char sha1[20]; unsigned char sha1[20];
const char *type_line, *tag_line, *sig_line; const char *type_line, *tag_line, *sig_line;
char type[20]; char type[20];
const char *start = data;
if (item->object.parsed) if (item->object.parsed)
return 0; return 0;
@ -53,11 +54,11 @@ int parse_tag_buffer(struct tag *item, void *data, unsigned long size)
if (memcmp("\ntype ", type_line-1, 6)) if (memcmp("\ntype ", type_line-1, 6))
return -1; return -1;
tag_line = strchr(type_line, '\n'); tag_line = memchr(type_line, '\n', size - (type_line - start));
if (!tag_line || memcmp("tag ", ++tag_line, 4)) if (!tag_line || memcmp("tag ", ++tag_line, 4))
return -1; return -1;
sig_line = strchr(tag_line, '\n'); sig_line = memchr(tag_line, '\n', size - (tag_line - start));
if (!sig_line) if (!sig_line)
return -1; return -1;
sig_line++; sig_line++;