git-for-windows/git
1
0
Fork 0
mirror of https://github.com/git-for-windows/git.git synced 2026-02-04 12:24:55 -06:00
Code Issues Packages Projects Releases 335 Wiki Activity

wincred: Avoid memory corruption

Browse Source 
`wcsncpy_s()` wants to write the terminating null character so we need
to allocate one more space for it in the target memory block.

This should fix crashes when trying to read passwords.  When this
happened, the password/token wouldn't print out and Git would therefore
ask for a new password every time.

Signed-off-by: David Macek <david.macek.0@gmail.com>
This commit is contained in:
David Macek 2025-10-03 10:06:40 +02:00
parent ade1f1c136
commit 8e4b968cb3
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/credential/wincred/git-credential-wincred.c
View File

@ -165,7 +165,7 @@ static void get_credential(void)
write_item("username", creds[i]->UserName,
creds[i]->UserName ? wcslen(creds[i]->UserName) : 0);
if (creds[i]->CredentialBlobSize > 0) {
secret = xmalloc(creds[i]->CredentialBlobSize);
secret = xmalloc(creds[i]->CredentialBlobSize + sizeof(WCHAR));
wcsncpy_s(secret, creds[i]->CredentialBlobSize, (LPCWSTR)creds[i]->CredentialBlob, creds[i]->CredentialBlobSize / sizeof(WCHAR));
line = wcstok_s(secret, L"\r\n", &remaining_lines);
write_item("password", line, line ? wcslen(line) : 0);