Reject hexstring longer than 40-bytes in get_short_sha1()

Such a string can never be a valid object name.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>

diff --git a/sha1_name.c b/sha1_name.c
index 9b226e3579b68fe8b59c7105bd926e3a0a70b0ad..6ffee22081aee3fc7b27b9ccc93c4c721652ec4b 100644 (file)
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -157,7 +157,7 @@ static int get_short_sha1(const char *name, int len, unsigned char *sha1,
        char canonical[40];
        unsigned char res[20];
 
-       if (len < MINIMUM_ABBREV)
+       if (len < MINIMUM_ABBREV || len > 40)
                return -1;
        hashclr(res);
        memset(canonical, 'x', 40);