fetch-pack: check for valid commit from server
A malicious server can return ACK with non-existent SHA-1 or not a
commit. lookup_commit() in this case may return NULL. Do not let
fetch-pack crash by accessing NULL address in this case.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Nguyễn Thái Ngọc Duy authored and Junio C Hamano committed Aug 18, 2011
1 parent a47a645 commit ec09954
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions builtin/fetch-pack.c
Expand Up @@ -395,6 +395,8 @@ static int find_common(int fd[2], unsigned char *result_sha1,
case ACK_continue: {
struct commit *commit =
lookup_commit(result_sha1);
if (!commit)
die("invalid commit %s", sha1_to_hex(result_sha1));
if (args.stateless_rpc
&& ack == ACK_common
&& !(commit->object.flags & COMMON)) {
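Review bot: The die() message in the new `if (!commit)` branch does not say that the SHA-1 came from the server's ACK, so someone who hits "invalid commit ..." cannot tell a hostile or broken remote apart from a problem in the local repository. Consider wording along the lines of die("server sent ACK for invalid commit %s", sha1_to_hex(result_sha1)). The check itself sits in the right place, ahead of the first dereference visible here (commit->object.flags in the stateless_rpc condition). The commit touches only builtin/fetch-pack.c, so it would also help to add a test that feeds find_common() an ACK naming a non-commit object, to keep this NULL check from regressing.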