From e0b3cc0dffbc965ffa33155cbdcf8d44716c134c Mon Sep 17 00:00:00 2001 From: Thomas Jarosch Date: Fri, 17 Apr 2009 14:05:11 +0200 Subject: Fix buffer overflow in config parser When interpreting a config value, the config parser reads in 1+ space character(s) and puts -one- space character in the buffer as soon as the first non-space character is encountered (if not inside quotes). Unfortunately the buffer size check lacks the extra space character which gets inserted at the next non-space character, resulting in a crash with a specially crafted config entry. The unit test now uses Java to compile a platform independent .NET framework to output the test string in C# :o) Read: Thanks to Johannes Sixt for the correct printf call which replaces the perl invocation. Signed-off-by: Thomas Jarosch Signed-off-by: Junio C Hamano --- config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config.c') diff --git a/config.c b/config.c index 82807c83b2..b9b2ce8237 100644 --- a/config.c +++ b/config.c @@ -51,7 +51,7 @@ static char *parse_value(void) for (;;) { int c = get_next_char(); - if (len >= sizeof(value)) + if (len >= sizeof(value) - 1) return NULL; if (c == '\n') { if (quote) -- cgit v1.2.3