aboutsummaryrefslogtreecommitdiff
path: root/hex.c
diff options
context:
space:
mode:
authorMichael Haggerty <mhagger@alum.mit.edu>2011-09-23 15:38:36 +0200
committerJunio C Hamano <gitster@pobox.com>2011-10-05 13:45:16 -0700
commitd4e85a1afe0a3310a3c8336c2824775901cc27d7 (patch)
treecaf44e689fec5d36aef2439c8016bbebee413148 /hex.c
parent3793ac56b4c4f9bf0bddc306a0cec21118683728 (diff)
downloadgit-d4e85a1afe0a3310a3c8336c2824775901cc27d7.tar.gz
git-d4e85a1afe0a3310a3c8336c2824775901cc27d7.tar.xz
get_sha1_hex(): do not read past a NUL character
Previously, get_sha1_hex() would read one character past the end of a null-terminated string whose strlen was an even number less than 40. Although the function correctly returned -1 in these cases, the extra memory access might have been to uninitialized (or even, conceivably, unallocated) memory. Add a check to avoid reading past the end of a string. This problem was discovered by Thomas Rast <trast@student.ethz.ch> using valgrind. Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'hex.c')
-rw-r--r--hex.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/hex.c b/hex.c
index bb402fbaa..9ebc05063 100644
--- a/hex.c
+++ b/hex.c
@@ -39,7 +39,15 @@ int get_sha1_hex(const char *hex, unsigned char *sha1)
{
int i;
for (i = 0; i < 20; i++) {
- unsigned int val = (hexval(hex[0]) << 4) | hexval(hex[1]);
+ unsigned int val;
+ /*
+ * hex[1]=='\0' is caught when val is checked below,
+ * but if hex[0] is NUL we have to avoid reading
+ * past the end of the string:
+ */
+ if (!hex[0])
+ return -1;
+ val = (hexval(hex[0]) << 4) | hexval(hex[1]);
if (val & ~0xff)
return -1;
*sha1++ = val;