transport: safely handle messages with no caps

If there are no caps, don't try to advance past the first NULL to look for object-format. This prevents a possible out-of-bounds read.
libgit2 · Jan 12, 2024 · d298b02 · d298b02
1 parent a2bde63
commit d298b02
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/libgit2/transports/smart_pkt.c b/src/libgit2/transports/smart_pkt.c
@@ -232,7 +232,8 @@ static int set_data(
 
 	GIT_ASSERT_ARG(data);
 
-	if ((caps = memchr(line, '\0', len)) != NULL) {
+	if ((caps = memchr(line, '\0', len)) != NULL &&
+	    len > (size_t)((caps - line) + 1)) {
 		caps++;
 
 		if (strncmp(caps, "object-format=", CONST_STRLEN("object-format=")) == 0)