Please sign in to comment.
index: error out on unreasonable prefix-compressed path lengths
When computing the complete path length from the encoded prefix-compressed path, we end up just allocating the complete path without ever checking what the encoded path length actually is. This can easily lead to a denial of service by just encoding an unreasonable long path name inside of the index. Git already enforces a maximum path length of 4096 bytes. As we also have that enforcement ready in some places, just make sure that the resulting path is smaller than GIT_PATH_MAX. Reported-by: Krishna Ram Prakash R <firstname.lastname@example.org> Reported-by: Vivek Parikh <email@example.com>
- Loading branch information...