From bb1356dc643e1488ccc1924ab674f6cbbe615f74 Mon Sep 17 00:00:00 2001 From: Jon Simons Date: Thu, 8 Feb 2018 13:47:50 -0500 Subject: always check for NULL return from packet_read_line() The packet_read_line() function will die if it sees any protocol or socket errors. But it will return NULL for a flush packet; some callers which are not expecting this may dereference NULL if they get an unexpected flush. This would involve the other side breaking protocol, but we should flag the error rather than segfault. Signed-off-by: Jon Simons Reviewed-by: Jeff King Signed-off-by: Junio C Hamano --- remote-curl.c | 2 ++ send-pack.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/remote-curl.c b/remote-curl.c index 0053b09549..9903077471 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -339,6 +339,8 @@ static struct discovery *discover_refs(const char *service, int for_push) * pkt-line matches our request. */ line = packet_read_line_buf(&last->buf, &last->len, NULL); + if (!line) + die("invalid server response; expected service, got flush packet"); strbuf_reset(&exp); strbuf_addf(&exp, "# service=%s", service); diff --git a/send-pack.c b/send-pack.c index 2112d3b27a..8d9190f5e7 100644 --- a/send-pack.c +++ b/send-pack.c @@ -137,6 +137,8 @@ static int pack_objects(int fd, struct ref *refs, struct oid_array *extra, struc static int receive_unpack_status(int in) { const char *line = packet_read_line(in, NULL); + if (!line) + return error(_("unexpected flush packet while reading remote unpack status")); if (!skip_prefix(line, "unpack ", &line)) return error(_("unable to parse remote unpack status: %s"), line); if (strcmp(line, "ok")) -- cgit v1.2.3