Merge branch 'maint-1.6.1' into maint

* maint-1.6.1:
  Fix buffer overflow in config parser

diff --git a/config.c b/config.c
index 0c8c76f13b03028ad400b1c5b72b3cf0a7ec0940..7a83c76f4b0480416b01213c0aca30b1e92556d2 100644 (file)
--- a/config.c
+++ b/config.c
@@ -51,7 +51,7 @@ static char *parse_value(void)
 
        for (;;) {
                int c = get_next_char();
-               if (len >= sizeof(value))
+               if (len >= sizeof(value) - 1)
                        return NULL;
                if (c == '\n') {
                        if (quote)

diff --git a/t/t1303-wacky-config.sh b/t/t1303-wacky-config.sh
index 1983076c753ea12a4f69d2a98eda3c1621daed59..080117c6bcbb61078539f36011ecd62780bae305 100755 (executable)
--- a/t/t1303-wacky-config.sh
+++ b/t/t1303-wacky-config.sh
@@ -10,7 +10,7 @@ setup() {
 
 check() {
        echo "$2" >expected
-       git config --get "$1" >actual
+       git config --get "$1" >actual 2>&1
        test_cmp actual expected
 }
 
@@ -40,4 +40,11 @@ test_expect_success 'make sure git config escapes section names properly' '
        check "$SECTION" bar
 '
 
+LONG_VALUE=$(printf "x%01021dx a" 7)
+test_expect_success 'do not crash on special long config line' '
+       setup &&
+       git config section.key "$LONG_VALUE" &&
+       check section.key "fatal: bad config file line 2 in .git/config"
+'
+
 test_done