• Jeff King's avatar
    transport-helper: avoid reading past end-of-string · 21a2d4ad
    Jeff King authored
    We detect the "import-marks" capability by looking for that
    string, but _without_ a trailing space. Then we skip past it
    using strlen("import-marks "), with a space. So if a remote
    helper gives us exactly "import-marks", we will read past
    the end-of-string by one character.
    
    This is unlikely to be a problem in practice, because such
    input is malformed in the first place, and because there is
    a good chance that the string has an extra NUL terminator
    one character after the original (because it formerly had a
    newline in it that we parsed off).
    
    We can fix it by using skip_prefix with "import-marks ",
    with the space. The other form appears to be a typo from
    a515ebe9 (transport-helper: implement marks location as
    capability, 2011-07-16); "import-marks" has never existed
    without an argument, and it should match the "export-marks"
    definition above.
    
    Speaking of which, we can also use skip_prefix in a few
    other places while we are in the function.
    Signed-off-by: default avatarJeff King <peff@peff.net>
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
    21a2d4ad
transport-helper.c 34.1 KB