From: Stefan Sperling Subject: Re: handle reference arguments that look like short object IDs To: Christian Weisgerber Cc: gameoftrees@openbsd.org Date: Wed, 9 Mar 2022 10:03:03 +0100 On Tue, Mar 08, 2022 at 10:37:09PM +0100, Christian Weisgerber wrote: > Also, got_repo_match_object_id_prefix() accepts hex strings of > unlimited length as a prefix. I can't tell if that is a forward-thinking > feature or an omission. Yes it might make sense to limit it. Using SHA256 is a future possibility, Git is in a slow progress of switching to it. But that affects a lot of areas of the code, so adding a check like this won't hurt. diff 0ed2285b0119b293d6b77b882c707c0377e176cd /home/stsp/src/got blob - 8885743e283c1cb4fc9c98d7c28f6d6732f33469 file + lib/repository.c --- lib/repository.c +++ lib/repository.c @@ -1671,13 +1671,16 @@ got_repo_match_object_id_prefix(struct got_object_id * *id = NULL; - for (i = 0; i < strlen(id_str_prefix); i++) { - if (isxdigit((unsigned char)id_str_prefix[i])) - continue; - return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR); - } - len = strlen(id_str_prefix); + if (len > SHA1_DIGEST_STRING_LENGTH - 1) + return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR); + + for (i = 0; i < len; i++) { + if (isxdigit((unsigned char)id_str_prefix[i])) + continue; + return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR); + } + if (len >= 2) { err = match_packed_object(id, repo, id_str_prefix, obj_type); if (err)