[PATCH] Make get_sha1_basic() more careful

The "get_sha1_hex()" function is designed to work with SHA1 hex strings that may be followed by arbitrary crud. However, that's not acceptable for "get_sha1()" which is used for command line arguments etc: we don't want to silently allow random characters after the end of the SHA1. So verify that the hex string is all we have. Signed-off-by: N Linus Torvalds <torvalds@osdl.org> Signed-off-by: N Junio C Hamano <junkio@cox.net>

[PATCH] Make get_sha1_basic() more careful
The "get_sha1_hex()" function is designed to work with SHA1 hex strings that may be followed by arbitrary crud. However, that's not acceptable for "get_sha1()" which is used for command line arguments etc: we don't want to silently allow random characters after the end of the SHA1. So verify that the hex string is all we have. Signed-off-by: N Linus Torvalds <torvalds@osdl.org> Signed-off-by: N Junio C Hamano <junkio@cox.net>
3c3852e3 · Linus Torvalds · Junio C Hamano · 02a4a32c · 3c3852e3
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

sha1_name.c sha1_name.c +1 -1

未找到文件。
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -148,7 +148,7 @@ static int get_sha1_basic(const char *str, int len, unsigned char *sha1)
 	};
 	const char **p;

-	if (!get_sha1_hex(str, sha1))
+	if (len == 40 && !get_sha1_hex(str, sha1))
 		return 0;

 	for (p = prefix; *p; p++) {