vendor/libgit2/src/signature.c in rugged-0.27.7 vs vendor/libgit2/src/signature.c in rugged-0.27.9
- old
+ new
@@ -229,11 +229,12 @@
/* Do we even have a time at the end of the signature? */
if (email_end + 2 < buffer_end) {
const char *time_start = email_end + 2;
const char *time_end;
- if (git__strtol64(&sig->when.time, time_start, &time_end, 10) < 0) {
+ if (git__strntol64(&sig->when.time, time_start,
+ buffer_end - time_start, &time_end, 10) < 0) {
git__free(sig->name);
git__free(sig->email);
sig->name = sig->email = NULL;
return signature_error("invalid Unix timestamp");
}
@@ -244,10 +245,11 @@
const char *tz_start, *tz_end;
tz_start = time_end + 1;
if ((tz_start[0] != '-' && tz_start[0] != '+') ||
- git__strtol32(&offset, tz_start + 1, &tz_end, 10) < 0) {
+ git__strntol32(&offset, tz_start + 1,
+ buffer_end - tz_start - 1, &tz_end, 10) < 0) {
/* malformed timezone, just assume it's zero */
offset = 0;
}
hours = offset / 100;