Fix buffer overflow in config parser

When interpreting a config value, the config parser reads in 1+ space
character(s) and puts -one- space character in the buffer as soon as
the first non-space character is encountered (if not inside quotes).

Unfortunately the buffer size check lacks the extra space character
which gets inserted at the next non-space character, resulting in
a crash with a specially crafted config entry.

The unit test now uses Java to compile a platform independent
.NET framework to output the test string in C# :o)

    Read: Thanks to Johannes Sixt for the correct printf call
    which replaces the perl invocation.

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

This commit is contained in:

Thomas Jarosch

2009-04-17 14:05:11 +02:00

committed by

Junio C Hamano

parent c6d8f7635f

commit e0b3cc0dff

2 changed files with 9 additions and 2 deletions

									
										2

config.c
									
												View File
												
				@ -51,7 +51,7 @@ static char *parse_value(void)

					for (;;) {

						int c = get_next_char();

						if (len >= sizeof(value))

						if (len >= sizeof(value) - 1)

							return NULL;

						if (c == '\n') {

							if (quote)

Fix buffer overflow in config parser

2 config.c Unescape Escape View File

2

config.c

View File