From: Linus Torvalds Date: Sat, 13 Aug 2005 18:05:25 +0000 (-0700) Subject: [PATCH] Make get_sha1_basic() more careful X-Git-Tag: v0.99.5~22^2~3 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=3c3852e33b3e40ad64885d845cb92a52c7b15884;p=git.git [PATCH] Make get_sha1_basic() more careful The "get_sha1_hex()" function is designed to work with SHA1 hex strings that may be followed by arbitrary crud. However, that's not acceptable for "get_sha1()" which is used for command line arguments etc: we don't want to silently allow random characters after the end of the SHA1. So verify that the hex string is all we have. Signed-off-by: Linus Torvalds Signed-off-by: Junio C Hamano --- diff --git a/sha1_name.c b/sha1_name.c index df45b172a..fdd321448 100644 --- a/sha1_name.c +++ b/sha1_name.c @@ -148,7 +148,7 @@ static int get_sha1_basic(const char *str, int len, unsigned char *sha1) }; const char **p; - if (!get_sha1_hex(str, sha1)) + if (len == 40 && !get_sha1_hex(str, sha1)) return 0; for (p = prefix; *p; p++) {