Merge branch 'maint-1.6.0' into maint-1.6.1

* maint-1.6.0: Fix buffer overflow in config parser
16 years ago · 0fa0514b91
2 changed files with 9 additions and 2 deletions
--- a/config.c
+++ b/config.c
@ -51,7 +51,7 @@ static char *parse_value(void)
				@@ -51,7 +51,7 @@ static char *parse_value(void)

 	for (;;) {
 		int c = get_next_char();
-		if (len >= sizeof(value))
+		if (len >= sizeof(value) - 1)
 			return NULL;
 		if (c == '\n') {
 			if (quote)
--- a/t/t1303-wacky-config.sh
+++ b/t/t1303-wacky-config.sh
@ -10,7 +10,7 @@ setup() {
				@@ -10,7 +10,7 @@ setup() {

 check() {
 	echo "$2" >expected
-	git config --get "$1" >actual
+	git config --get "$1" >actual 2>&1
 	test_cmp actual expected
 }

@ -40,4 +40,11 @@ test_expect_success 'make sure git config escapes section names properly' '
				@@ -40,4 +40,11 @@ test_expect_success 'make sure git config escapes section names properly' '
 	check "$SECTION" bar
 '

+LONG_VALUE=$(printf "x%01021dx a" 7)
+test_expect_success 'do not crash on special long config line' '
+	setup &&
+	git config section.key "$LONG_VALUE" &&
+	check section.key "fatal: bad config file line 2 in .git/config"
+'
+
 test_done