]> source.dussan.org Git - jgit.git/commit
projects / jgit.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2269669) | patch
BasePackConnection: Check for expected length of ref advertisement 85/134185/4
authorDavid Pursehouse <david.pursehouse@gmail.com>
Tue, 18 Dec 2018 10:53:26 +0000 (19:53 +0900)
committerDavid Pursehouse <david.pursehouse@gmail.com>
Thu, 20 Dec 2018 02:41:02 +0000 (11:41 +0900)
commitf4fc6404baac5a6a5db34f71e62fb62fd8f1b8ef
tree5fd72ba429af2477a1e7bbe3c52295ad32c3ed3btree | snapshot
parent2269669fb11224da272aebe2f02393388c62a0fdcommit | diff
BasePackConnection: Check for expected length of ref advertisement

When a server sends a ref advertisement using protocol v2 it contains
lines other than ref names and sha1s.  Attempting to get the sha1 out
of such a line using the substring method can result in a SIOOB error
when it doesn't actually contain the sha1 and ref name.

Add a check that the line is of the expected length, and subsequently
that the extracted object id is valid, and if not throw an exception.

Change-Id: Id92fe66ff8b6deb2cf987d81929f8d0602c399f4
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties diff | blob | history
org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java diff | blob | history
org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java diff | blob | history
JGit, the Java implementation of git: https://github.com/eclipse-jgit/jgit