Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
libgit2.7809
libgit2-verify-packet-length.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgit2-verify-packet-length.patch of Package libgit2.7809
commit 4ac39c76c0153d1ee6889a0984c39e97731684b2 Author: Patrick Steinhardt <ps@pks.im> Date: Tue Nov 15 11:36:27 2016 +0100 smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`. Index: libgit2-0.24.1/src/transports/smart_pkt.c =================================================================== --- libgit2-0.24.1.orig/src/transports/smart_pkt.c +++ libgit2-0.24.1/src/transports/smart_pkt.c @@ -427,6 +427,14 @@ int git_pkt_parse_line( if (bufflen > 0 && bufflen < (size_t)len) return GIT_EBUFS; + /* + * The length has to be exactly 0 in case of a flush + * packet or greater than PKT_LEN_SIZE, as the decoded + * length includes its own encoded length of four bytes. + */ + if (len != 0 && len < PKT_LEN_SIZE) + return GIT_ERROR; + line += PKT_LEN_SIZE; /* * TODO: How do we deal with empty lines? Try again? with the next
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor