summaryrefslogtreecommitdiff
path: root/builtin
diff options
context:
space:
mode:
authorLibravatar brian m. carlson <sandals@crustytoothpaste.net>2017-03-26 16:01:28 +0000
committerLibravatar Junio C Hamano <gitster@pobox.com>2017-03-28 09:57:14 -0700
commitf2214dede950e506d7637744599ef27b149bbda1 (patch)
treeccddf6f0c43fab24fdab2568d82b28748c9b1dd1 /builtin
parentreceive-pack::hmac_sha1(): copy the entire SHA-1 hash out (diff)
downloadtgif-f2214dede950e506d7637744599ef27b149bbda1.tar.xz
builtin/receive-pack: fix incorrect pointer arithmetic
If we had already processed the last newline in a push certificate, we would end up subtracting NULL from the end-of-certificate pointer when computing the length of the line. This would have resulted in an absurdly large length, and possibly a buffer overflow. Instead, subtract the beginning-of-certificate pointer from the end-of-certificate pointer, which is what's expected. Note that this situation should never occur, since not only do we require the certificate to be newline terminated, but the signature will only be read from the beginning of a line. Nevertheless, it seems prudent to correct it. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin')
-rw-r--r--builtin/receive-pack.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index 42f25a5103..df18eac9e4 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -1127,7 +1127,7 @@ static void queue_commands_from_cert(struct command **tail,
while (boc < eoc) {
const char *eol = memchr(boc, '\n', eoc - boc);
- tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
+ tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
boc = eol ? eol + 1 : eoc;
}
}