diff options
| author | Jeff King <peff@peff.net> | 2023-04-14 23:25:20 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2023-04-15 00:08:13 +0200 |
| commit | 7ce4c8f752bc0da682acbda6457d6543ad5d0069 (patch) | |
| tree | 545d1046f411277a392118d3520c8385970a0765 /send-pack.c | |
| parent | t5512: test "ls-remote --heads --symref" filtering with v0 and v2 (diff) | |
| download | git-7ce4c8f752bc0da682acbda6457d6543ad5d0069.tar.xz git-7ce4c8f752bc0da682acbda6457d6543ad5d0069.zip | |
v0 protocol: use size_t for capability length/offset
When parsing server capabilities, we use "int" to store lengths and
offsets. At first glance this seems like a spot where our parser may be
confused by integer overflow if somebody sent us a malicious response.
In practice these strings are all bounded by the 64k limit of a
pkt-line, so using "int" is OK. However, it makes the code simpler to
audit if they just use size_t everywhere. Note that because we take
these parameters as pointers, this also forces many callers to update
their declared types.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'send-pack.c')
| -rw-r--r-- | send-pack.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/send-pack.c b/send-pack.c index f81bbb28d7..97344b629e 100644 --- a/send-pack.c +++ b/send-pack.c @@ -538,7 +538,7 @@ int send_pack(struct send_pack_args *args, die(_("the receiving end does not support this repository's hash algorithm")); if (args->push_cert != SEND_PACK_PUSH_CERT_NEVER) { - int len; + size_t len; push_cert_nonce = server_feature_value("push-cert", &len); if (push_cert_nonce) { reject_invalid_nonce(push_cert_nonce, len); |