Ensure we don't run past the end of the tree text.
[jelmer/dulwich-libgit2.git] / dulwich / _objects.c
index 3f939c19e5d9b36242d6697f2a3786ac2ea954be..fef82e78f791f35f5cbc9feecab8eea7584d7715 100644 (file)
@@ -37,7 +37,7 @@ static PyObject *sha_to_pyhex(const unsigned char *sha)
 
 static PyObject *py_parse_tree(PyObject *self, PyObject *args)
 {
-       char *text, *end;
+       char *text, *start, *end;
        int len, namelen;
        PyObject *ret, *item, *name;
 
@@ -52,6 +52,7 @@ static PyObject *py_parse_tree(PyObject *self, PyObject *args)
                return NULL;
        }
 
+       start = text;
        end = text + len;
 
        while (text < end) {
@@ -66,7 +67,7 @@ static PyObject *py_parse_tree(PyObject *self, PyObject *args)
 
                text++;
 
-               namelen = strlen(text);
+               namelen = strnlen(text, len - (text - start));
 
                name = PyString_FromStringAndSize(text, namelen);
                if (name == NULL) {
@@ -74,6 +75,13 @@ static PyObject *py_parse_tree(PyObject *self, PyObject *args)
                        return NULL;
                }
 
+               if (text + namelen + 20 >= end) {
+                       PyErr_SetString(PyExc_RuntimeError, "SHA truncated");
+                       Py_DECREF(ret);
+                       Py_DECREF(name);
+                       return NULL;
+               }
+
                item = Py_BuildValue("(NlN)", name, mode,
                                                         sha_to_pyhex((unsigned char *)text+namelen+1));
                if (item == NULL) {