commit 8991a328535f89f3f2257269f5c2d3fcec8bda69 from: Stefan Sperling date: Thu Aug 26 07:08:48 2021 UTC add a missing bounds-check in got-fetch-pack when parsing server response The tokenize_refline() function could end up reading past the end of the buffer if the refline is not terminated with whitespace or \0. commit - a90356f7c470563a35922c4cbb01824558dcf207 commit + 8991a328535f89f3f2257269f5c2d3fcec8bda69 blob - d3181d5e845b3b24479c5a38d23fb330c12ff499 blob + 7666d8a45ed09a018f2f8aa871943aa38616db3c --- libexec/got-fetch-pack/got-fetch-pack.c +++ libexec/got-fetch-pack/got-fetch-pack.c @@ -294,7 +294,7 @@ tokenize_refline(char **tokens, char *line, int len, i n++; } p = line; - while (*line != '\0' && + while (*line != '\0' && n < len && (!isspace(*line) || i == maxtokens - 1)) { line++; n++;