kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity
Browse Source

url: do not read past end of buffer 

url_decode_internal could have been tricked into reading past the length
of the **query buffer if there are fewer than 2 characters after a % (in
a null-terminated string, % would have to be the last character).
Prevent this from happening by checking len before decoding the %
sequence.

Helped-by: René Scharfe <l.s.r@web.de>
Signed-off-by: Matthew DeVore <matvore@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
Matthew DeVore 6 years ago committed by Junio C Hamano
parent
aeb582a983
commit
3f6b8a6177
1 changed files with 1 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      url.c

2
url.c
Unescape View File

@ -46,7 +46,7 @@ static char *url_decode_internal(const char **query, int len, @@ -46,7 +46,7 @@ static char *url_decode_internal(const char **query, int len,
break;
}

if (c == '%') {
if (c == '%' && (len < 0 || len >= 3)) {
int val = hex2chr(q + 1);
if (0 <= val) {
strbuf_addch(out, val);

Write Preview
Loading…
Cancel
Save