From: Martin Koegler
Date: Sun, 6 Jan 2008 19:03:10 +0000 (+0100)
Subject: parse_tag_buffer: don't parse invalid tags
X-Git-Tag: v1.5.4-rc3~33
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=a0393ef67679ea7720290bd45d9d628920df59f3;p=git.git

parse_tag_buffer: don't parse invalid tags

The current tag parsing code can access memory outside the tag buffer, if \n are missing. This patch prevent this behaviour.

Signed-off-by: Martin Koegler
Signed-off-by: Junio C Hamano
---

diff --git a/tag.c b/tag.c
index f62bcdd99..38bf9134f 100644
--- a/tag.c
+++ b/tag.c
@@ -39,6 +39,7 @@ int parse_tag_buffer(struct tag *item, void *data, unsigned long size)
 unsigned char sha1[20];
 const char *type_line, *tag_line, *sig_line;
 char type[20];
+ const char *start = data;

 if (item->object.parsed)
 return 0;
@@ -53,11 +54,11 @@ int parse_tag_buffer(struct tag *item, void *data, unsigned long size)
 if (memcmp("\ntype ", type_line-1, 6))
 return -1;

- tag_line = strchr(type_line, '\n');
+ tag_line = memchr(type_line, '\n', size - (type_line - start));
 if (!tag_line || memcmp("tag ", ++tag_line, 4))
 return -1;

- sig_line = strchr(tag_line, '\n');
+ sig_line = memchr(tag_line, '\n', size - (tag_line - start));
 if (!sig_line)
 return -1;
 sig_line++;
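Review bot: In the second hunk, `memcmp("tag ", ++tag_line, 4)` is still unbounded: the new `memchr` can find the newline within the last few bytes of the buffer, and the four-byte compare that follows then reads past `size`. Checking the remaining length before the compare would close that, e.g. `if (!tag_line) return -1;` then `tag_line++;` then `if (size - (tag_line - start) < 4 || memcmp("tag ", tag_line, 4)) return -1;`. This assumes `size` is the exact length of `data`; if callers guarantee padding or a terminating NUL beyond it, the over-read is smaller, but the explicit check is the safer contract for tag objects that may come from an untrusted repository. parse_tag_buffer starts before and continues after the hunk, so whether later uses of `sig_line` (which can equal `start + size` after `sig_line++`) are bounded cannot be confirmed from here.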