Skip to content

Commit

Permalink
[PATCH] Make get_sha1_basic() more careful
Browse files Browse the repository at this point in the history 
The "get_sha1_hex()" function is designed to work with SHA1 hex strings
that may be followed by arbitrary crud. However, that's not acceptable for
"get_sha1()" which is used for command line arguments etc: we don't want
to silently allow random characters after the end of the SHA1.

So verify that the hex string is all we have.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
  • Loading branch information
Linus Torvalds authored and Junio C Hamano committed Aug 14, 2005
1 parent 02a4a32 commit 3c3852e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion sha1_name.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ static int get_sha1_basic(const char *str, int len, unsigned char *sha1)
};
const char **p;

if (!get_sha1_hex(str, sha1))
if (len == 40 && !get_sha1_hex(str, sha1))
return 0;

for (p = prefix; *p; p++) {
Expand Down

0 comments on commit 3c3852e

Please sign in to comment.