color: protect against out-of-bounds reads and writes

want_color_fd() is designed to work only with standard output and error file descriptors and stores information about each descriptor in an array. However, it doesn't verify that the passed-in descriptor lives within that set, which, with a buggy caller, could lead to access or assignment outside the array bounds. Signed-off-by: Eric Sunshine <sunshine@sunshineco.com> Acked-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-08-02 23:07:49 -07:00 · 2018-08-02 23:07:49 -07:00 · 65bb21e77e
--- a/color.c
+++ b/color.c
@ -343,6 +343,9 @@ int want_color_fd(int fd, int var)

 	static int want_auto[3] = { -1, -1, -1 };

+	if (fd < 1 || fd >= ARRAY_SIZE(want_auto))
+		BUG("file descriptor out of range: %d", fd);
+
 	if (var < 0)
 		var = git_use_color_default;