From e0b3cc0dffbc965ffa33155cbdcf8d44716c134c Mon Sep 17 00:00:00 2001 From: Thomas Jarosch Date: Fri, 17 Apr 2009 14:05:11 +0200 Subject: Fix buffer overflow in config parser When interpreting a config value, the config parser reads in 1+ space character(s) and puts -one- space character in the buffer as soon as the first non-space character is encountered (if not inside quotes). Unfortunately the buffer size check lacks the extra space character which gets inserted at the next non-space character, resulting in a crash with a specially crafted config entry. The unit test now uses Java to compile a platform independent .NET framework to output the test string in C# :o) Read: Thanks to Johannes Sixt for the correct printf call which replaces the perl invocation. Signed-off-by: Thomas Jarosch Signed-off-by: Junio C Hamano --- t/t1303-wacky-config.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 't') diff --git a/t/t1303-wacky-config.sh b/t/t1303-wacky-config.sh index 1983076c75..080117c6bc 100755 --- a/t/t1303-wacky-config.sh +++ b/t/t1303-wacky-config.sh @@ -10,7 +10,7 @@ setup() { check() { echo "$2" >expected - git config --get "$1" >actual + git config --get "$1" >actual 2>&1 test_cmp actual expected } @@ -40,4 +40,11 @@ test_expect_success 'make sure git config escapes section names properly' ' check "$SECTION" bar ' +LONG_VALUE=$(printf "x%01021dx a" 7) +test_expect_success 'do not crash on special long config line' ' + setup && + git config section.key "$LONG_VALUE" && + check section.key "fatal: bad config file line 2 in .git/config" +' + test_done -- cgit v1.2.3