smart protocol: validate progress message length

ethomson · ethomson · commit 8c925ef83895 · 2019-06-24T15:00:41.000+01:00
Ensure that the server has not sent us overly-large sideband messages
(ensure that they are no more than `INT_MAX` bytes), then cast to `int`.
diff --git a/src/transports/smart_protocol.c b/src/transports/smart_protocol.c
@@ -604,7 +604,14 @@ int git_smart__download_pack(
 			} else if (pkt->type == GIT_PKT_PROGRESS) {
 				if (t->progress_cb) {
 					git_pkt_progress *p = (git_pkt_progress *) pkt;
-					error = t->progress_cb(p->data, p->len, t->message_cb_payload);
+
+					if (p->len > INT_MAX) {
+						git_error_set(GIT_ERROR_NET, "oversized progress message");
+						error = GIT_ERROR;
+						goto done;
+					}
+
+					error = t->progress_cb(p->data, (int)p->len, t->message_cb_payload);
 				}
 			} else if (pkt->type == GIT_PKT_DATA) {
 				git_pkt_data *p = (git_pkt_data *) pkt;
@@ -839,7 +846,14 @@ static int parse_report(transport_smart *transport, git_push *push)
 			case GIT_PKT_PROGRESS:
 				if (transport->progress_cb) {
 					git_pkt_progress *p = (git_pkt_progress *) pkt;
-					error = transport->progress_cb(p->data, p->len, transport->message_cb_payload);
+
+					if (p->len > INT_MAX) {
+						git_error_set(GIT_ERROR_NET, "oversized progress message");
+						error = GIT_ERROR;
+						goto done;
+					}
+
+					error = transport->progress_cb(p->data, (int)p->len, transport->message_cb_payload);
 				}
 				break;
 			default:
