fetch-pack: check for valid commit from server

A malicious server can return ACK with non-existent SHA-1 or not a
commit. lookup_commit() in this case may return NULL. Do not let
fetch-pack crash by accessing NULL address in this case.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/fetch-pack.c b/builtin/fetch-pack.c
index 436798410210b868cfbe439a1603b0a340a32c50..3c871c2da893dc9deb3a36bff03a7032ea038f8a 100644 (file)
--- a/builtin/fetch-pack.c
+++ b/builtin/fetch-pack.c
@@ -395,6 +395,8 @@ static int find_common(int fd[2], unsigned char *result_sha1,
                                case ACK_continue: {
                                        struct commit *commit =
                                                lookup_commit(result_sha1);
+                                       if (!commit)
+                                               die("invalid commit %s", sha1_to_hex(result_sha1));
                                        if (args.stateless_rpc
                                         && ack == ACK_common
                                         && !(commit->object.flags & COMMON)) {