Merge branch 'bc/push-cert-receive-fix'
authorJunio C Hamano <gitster@pobox.com>
Thu, 30 Mar 2017 21:07:18 +0000 (14:07 -0700)
committerJunio C Hamano <gitster@pobox.com>
Thu, 30 Mar 2017 21:07:18 +0000 (14:07 -0700)
"git receive-pack" could have been forced to die by attempting
allocate an unreasonably large amount of memory with a crafted push
certificate; this has been fixed.

* bc/push-cert-receive-fix:
  builtin/receive-pack: fix incorrect pointer arithmetic

builtin/receive-pack.c

index fb2a090..aca9c33 100644 (file)
@@ -1524,7 +1524,7 @@ static void queue_commands_from_cert(struct command **tail,
 
        while (boc < eoc) {
                const char *eol = memchr(boc, '\n', eoc - boc);
-               tail = queue_command(tail, boc, eol ? eol - boc : eoc - eol);
+               tail = queue_command(tail, boc, eol ? eol - boc : eoc - boc);
                boc = eol ? eol + 1 : eoc;
        }
 }