wincred: avoid memory corruption
authorDavid Macek <david.macek.0@gmail.com>
Mon, 17 Nov 2025 20:39:44 +0000 (20:39 +0000)
committerJunio C Hamano <gitster@pobox.com>
Mon, 17 Nov 2025 22:17:42 +0000 (14:17 -0800)
`wcsncpy_s()` wants to write the terminating null character so we need
to allocate one more space for it in the target memory block.

This should fix crashes when trying to read passwords.  When this
happened, the password/token wouldn't print out and Git would therefore
ask for a new password every time.

Signed-off-by: David Macek <david.macek.0@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
contrib/credential/wincred/git-credential-wincred.c

index 5683846b4b4d1f0ab775d296efa6d0be0f9caba2..73c2b9b72ab53ecd9613276af598d12ce54262cf 100644 (file)
@@ -165,7 +165,7 @@ static void get_credential(void)
                        write_item("username", creds[i]->UserName,
                                creds[i]->UserName ? wcslen(creds[i]->UserName) : 0);
                        if (creds[i]->CredentialBlobSize > 0) {
-                               secret = xmalloc(creds[i]->CredentialBlobSize);
+                               secret = xmalloc(creds[i]->CredentialBlobSize + sizeof(WCHAR));
                                wcsncpy_s(secret, creds[i]->CredentialBlobSize, (LPCWSTR)creds[i]->CredentialBlob, creds[i]->CredentialBlobSize / sizeof(WCHAR));
                                line = wcstok_s(secret, L"\r\n", &remaining_lines);
                                write_item("password", line, line ? wcslen(line) : 0);
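Review bot: The second argument of `wcsncpy_s()`, on the line after the new `xmalloc()`, is still `creds[i]->CredentialBlobSize`, which is a byte count, whereas the function takes the destination size in wide characters. The declared capacity is therefore about twice what was allocated, so the function's own bounds check cannot catch an overrun; debug builds of the Microsoft CRT are also documented to pad the destination with a fill pattern, which would presumably run past the block. Passing the real element count keeps the check meaningful: `wcsncpy_s(secret, creds[i]->CredentialBlobSize / sizeof(WCHAR) + 1, (LPCWSTR)creds[i]->CredentialBlob, creds[i]->CredentialBlobSize / sizeof(WCHAR));`. A short comment above the allocation, such as `/* blob is not NUL-terminated; reserve one WCHAR for the terminator */`, would record why the extra space is there. The body of `get_credential()` starts and ends outside this hunk, so how `secret` is released is not visible here.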