
Commit c8a7b2b

committed
git: add guards against malformed Git config data
Add some checks/guards against malformed data output from Git configuration when enumerating all entries. If we hit the unexpected end of the data stream we trace and stop parsing.
1 parent e2b7deb commit c8a7b2b

1 file changed

+21
-3
lines changed

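--- a/src/shared/Microsoft.Git.CredentialManager/GitConfiguration.cs
+++ b/src/shared/Microsoft.Git.CredentialManager/GitConfiguration.cs
@@ -145,29 +145,47 @@ public void Enumerate(GitConfigurationLevel level, GitConfigurationEnumerationCa
 value.Clear();
 
 // Read config scope (null terminated)
-while (data[i] != '\0')
+while (i < data.Length && data[i] != '\0')
 {
 scope.Append(data[i++]);
 }
 
+if (i >= data.Length)
+{
+_trace.WriteLine("Invalid Git configuration output. Expected null terminator (\\0) after scope.");
+break;
+}
+
 // Skip the null terminator
 i++;
 
 // Read key name (LF terminated)
-while (data[i] != '\n')
+while (i < data.Length && data[i] != '\n')
 {
 name.Append(data[i++]);
 }
 
+if (i >= data.Length)
+{
+_trace.WriteLine("Invalid Git configuration output. Expected newline terminator (\\n) after key.");
+break;
+}
+
 // Skip the LF terminator
 i++;
 
 // Read value (null terminated)
-while (data[i] != '\0')
+while (i < data.Length && data[i] != '\0')
 {
 value.Append(data[i++]);
 }
 
+if (i >= data.Length)
+{
+_trace.WriteLine("Invalid Git configuration output. Expected null terminator (\\0) after value.");
+break;
+}
+
 // Skip the null terminator
 i++;
 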
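Review bot: The three new `break` guards end parsing quietly, so a caller of Enumerate cannot tell a truncated configuration stream from a complete one: the method is void and the only signal is a trace line. For a credential helper that matters, because any setting that would have followed the cut-off point is then treated as unset; the enclosing loop and the callback invocation lie outside this hunk, so how earlier entries are handled is inferred. I would at least record where parsing stopped, e.g. `_trace.WriteLine($"Invalid Git configuration output at offset {i}. Expected null terminator (\\0) after scope.");`, while keeping the scope, name and value contents out of the message since configuration values can hold secrets, and consider surfacing the failure to the caller instead of returning normally. The same applies to the guards after the key and after the value.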