From 13640d1bb8376e3f07f66498a5b9bdde9ff3d7d6 Mon Sep 17 00:00:00 2001
From: Vicent Marti <tanoku@gmail.com>
Date: Mon, 25 Mar 2013 21:39:11 +0100
Subject: [PATCH] oid: Do not parse OIDs longer than 40

---
 src/oid.c             | 2 +-
 tests-clar/core/oid.c | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/oid.c b/src/oid.c
index 1d994c362..ab69eeb17 100644
--- a/src/oid.c
+++ b/src/oid.c
@@ -25,7 +25,7 @@ int git_oid_fromstrn(git_oid *out, const char *str, size_t length)
 	int v;
 
 	if (length > GIT_OID_HEXSZ)
-		length = GIT_OID_HEXSZ;
+		return oid_error_invalid("too long");
 
 	for (p = 0; p < length - 1; p += 2) {
 		v = (git__fromhex(str[p + 0]) << 4)
diff --git a/tests-clar/core/oid.c b/tests-clar/core/oid.c
index cd88b4e7c..08791cce6 100644
--- a/tests-clar/core/oid.c
+++ b/tests-clar/core/oid.c
@@ -11,7 +11,7 @@ void test_core_oid__initialize(void)
 {
 	cl_git_pass(git_oid_fromstr(&id, str_oid));
 	cl_git_pass(git_oid_fromstrp(&idp, str_oid_p));
-	cl_git_pass(git_oid_fromstrp(&idm, str_oid_m));
+	cl_git_fail(git_oid_fromstrp(&idm, str_oid_m));
 }
 
 void test_core_oid__streq(void)
@@ -27,6 +27,4 @@ void test_core_oid__streq(void)
 
 	cl_assert(git_oid_streq(&idp, "deadbeef") == -1);
 	cl_assert(git_oid_streq(&idp, "I'm not an oid.... :)") == -1);
-	
-	cl_assert(git_oid_cmp(&id, &idm) == 0);
 }