mirror of
https://github.com/git/git
synced 2024-10-30 14:03:28 +00:00
5747c8072b
The macOS Keychain-based credential helper reads the newline-delimited
protocol stream one line at a time by repeatedly calling fgets() into a
fixed-size buffer, and is thus affected by the vulnerability described
in the previous commit.
To mitigate this attack, avoid using a fixed-size buffer, and instead
rely on getline() to allocate a buffer as large as necessary to fit the
entire content of the line, preventing any protocol injection.
We solved a similar problem in
| |
|---|
| .. |
| .gitignore |
| git-credential-osxkeychain.c |
| Makefile |
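The difference between the two reading strategies described in the commit message, as an added example that is not code from the git source tree: a line longer than a fixed fgets() buffer comes back as several chunks, and a parser that treats each chunk as a protocol line sees a key the sender never put at the start of a line, while getline() returns the line whole. The 16-byte `DEMO_BUF`, the constructed `SAMPLE` input and the function names are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* getline(), fmemopen() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_BUF 16 /* assumption: deliberately tiny, not the helper's real size */

/* Constructed input: ONE protocol line whose value is longer than DEMO_BUF. */
static const char SAMPLE[] = "path=AAAAAAAAAAhost=example.invalid\n";

/* Fixed-size reader: returns how many "lines" the loop sees and sets
 * *saw_host if any of them begins with "host=". */
static int count_fgets(const char *in, int *saw_host)
{
	FILE *fp = fmemopen((void *)in, strlen(in), "r");
	char buf[DEMO_BUF];
	int n = 0;
	*saw_host = 0;
	if (!fp) return -1;
	while (fgets(buf, sizeof(buf), fp)) { /* a long line arrives in pieces */
		n++;
		if (!strncmp(buf, "host=", 5)) *saw_host = 1;
	}
	fclose(fp);
	return n;
}

/* getline() reader: the buffer grows to hold the entire line. */
static int count_getline(const char *in, int *saw_host)
{
	FILE *fp = fmemopen((void *)in, strlen(in), "r");
	char *line = NULL;
	size_t cap = 0;
	int n = 0;
	*saw_host = 0;
	if (!fp) return -1;
	while (getline(&line, &cap, fp) != -1) {
		n++;
		if (!strncmp(line, "host=", 5)) *saw_host = 1;
	}
	free(line);
	fclose(fp);
	return n;
}
```

A check of this shape works as a regression test for any line-oriented parser: feed it a line longer than every internal buffer and confirm that exactly one line is parsed.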