From dfc2c713433b3a932e4d8b648738e3b63086baec Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Fri, 7 Oct 2016 09:18:55 +0200
Subject: [PATCH] tree: validate filename and OID length when parsing object

When parsing tree entries from raw object data, we do not verify that the tree entry actually has a filename as well as a valid object ID. Fix this by asserting that the filename length is non-zero as well as asserting that there are at least `GIT_OID_RAWSZ` bytes left when parsing the OID.
---
 src/tree.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/tree.c b/src/tree.c
index 3874e45f4..7cc415a09 100644
--- a/src/tree.c
+++ b/src/tree.c
@@ -447,7 +447,12 @@ int git_tree__parse(void *_tree, git_odb_object *odb_obj)
 if ((nul = memchr(buffer, 0, buffer_end - buffer)) == NULL)
 return tree_error("Failed to parse tree. Object is corrupted", NULL);
 
- filename_len = nul - buffer;
+ if ((filename_len = nul - buffer) == 0)
+ return tree_error("Failed to parse tree. Can't parse filename", NULL);
+
+ if ((buffer_end - (nul + 1)) < GIT_OID_RAWSZ)
+ return tree_error("Failed to parse tree. Can't parse OID", NULL);
+
 /* Allocate the entry */
 {
 entry = git_array_alloc(tree->entries);
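Review bot: The new filename check bounds `filename_len` only from below; nothing visible in the hunk caps it from above, so if the tree entry stores the length in a type narrower than the pointer difference it would be truncated silently, which is worth confirming against the entry struct outside the hunk. The assignment folded into the condition also hides that `filename_len` is set as a side effect; `filename_len = nul - buffer;` followed by `if (filename_len == 0)` reads more plainly. The OID check would benefit from a comment such as `/* the raw OID follows the NUL; all GIT_OID_RAWSZ bytes must lie inside the object */`. The diffstat shows only src/tree.c changed, so a regression test that parses a tree with an empty filename and one truncated right after the NUL would pin both new error paths. The body of git_tree__parse starts and ends outside the hunk.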