wincred: Avoid memory corruption

`wcsncpy_s()` wants to write the terminating null character so we need
to allocate one more space for it in the target memory block.

This should fix crashes when trying to read passwords.  When this
happened, the password/token wouldn't print out and Git would therefore
ask for a new password every time.

Signed-off-by: David Macek <david.macek.0@gmail.com>
This commit is contained in:
David Macek
2025-10-03 10:06:40 +02:00
committed by Johannes Schindelin
parent 5b7f56a2af
commit d905624f2c

View File

@@ -165,7 +165,7 @@ static void get_credential(void)
write_item("username", creds[i]->UserName,
creds[i]->UserName ? wcslen(creds[i]->UserName) : 0);
if (creds[i]->CredentialBlobSize > 0) {
secret = xmalloc(creds[i]->CredentialBlobSize);
secret = xmalloc(creds[i]->CredentialBlobSize + sizeof(WCHAR));
wcsncpy_s(secret, creds[i]->CredentialBlobSize, (LPCWSTR)creds[i]->CredentialBlob, creds[i]->CredentialBlobSize / sizeof(WCHAR));
line = wcstok_s(secret, L"\r\n", &remaining_lines);
write_item("password", line, line ? wcslen(line) : 0);