global/git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2026-01-10 01:56:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'tb/wincred-buffer-overflow' into maint-2.43

Browse Source 
This merges in the fix for CVE-2025-48386.

* tb/wincred-buffer-overflow:
  wincred: avoid buffer overflow in wcsncat()

Signed-off-by: Taylor Blau <me@ttaylorr.com>
This commit is contained in:
Taylor Blau
2025-05-28 14:33:35 -04:00
parent 2d22f0cd07 9de345cb27
commit 32c93d5935
1 changed files with 15 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
contrib/credential/wincred/git-credential-wincred.c
View File

@@ -37,6 +37,14 @@ static void *xmalloc(size_t size)
static WCHAR *wusername, *password, *protocol, *host, *path, target[1024],
*password_expiry_utc;
static void target_append(const WCHAR *src)
{
size_t avail = ARRAY_SIZE(target) - wcslen(target) - 1; /* -1 for NUL */
if (avail < wcslen(src))
die("target buffer overflow");
wcsncat(target, src, avail);
}
static void write_item(const char *what, LPCWSTR wbuf, int wlen)
{
char *buf;
@@ -294,17 +302,17 @@ int main(int argc, char *argv[])
/* prepare 'target', the unique key for the credential */
wcscpy(target, L"git:");
wcsncat(target, protocol, ARRAY_SIZE(target));
wcsncat(target, L"://", ARRAY_SIZE(target));
target_append(protocol);
target_append(L"://");
if (wusername) {
wcsncat(target, wusername, ARRAY_SIZE(target));
wcsncat(target, L"@", ARRAY_SIZE(target));
target_append(wusername);
target_append(L"@");
}
if (host)
wcsncat(target, host, ARRAY_SIZE(target));
target_append(host);
if (path) {
wcsncat(target, L"/", ARRAY_SIZE(target));
wcsncat(target, path, ARRAY_SIZE(target));
target_append(L"/");
target_append(path);
}
if (!strcmp(argv[1], "get"))