On Tue, Mar 08, 2022 at 10:37:09PM +0100, Christian Weisgerber wrote:
> Also, got_repo_match_object_id_prefix() accepts hex strings of
> unlimited length as a prefix.  I can't tell if that is a forward-thinking
> feature or an omission.

Yes it might make sense to limit it. Using SHA256 is a future possibility,
Git is in a slow progress of switching to it. But that affects a lot of
areas of the code, so adding a check like this won't hurt.

diff 0ed2285b0119b293d6b77b882c707c0377e176cd /home/stsp/src/got
blob - 8885743e283c1cb4fc9c98d7c28f6d6732f33469
file + lib/repository.c
--- lib/repository.c
+++ lib/repository.c
@@ -1671,13 +1671,16 @@ got_repo_match_object_id_prefix(struct got_object_id *
 
 	*id = NULL;
 
-	for (i = 0; i < strlen(id_str_prefix); i++) {
-		if (isxdigit((unsigned char)id_str_prefix[i]))
-			continue;
-		return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR);
-	}
-
 	len = strlen(id_str_prefix);
+	if (len > SHA1_DIGEST_STRING_LENGTH - 1)
+		return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR);
+
+	for (i = 0; i < len; i++) {
+		if (isxdigit((unsigned char)id_str_prefix[i]))
+			continue;
+		return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR);
+	}
+
 	if (len >= 2) {
 		err = match_packed_object(id, repo, id_str_prefix, obj_type);
 		if (err)