commit 13fcf1bf305bb86f5bbe5da661f8811846b79d61
from: Stefan Sperling <stsp@stsp.name>
date: Wed May 18 07:44:30 2022 UTC

make got_privsep_recv_tree() reject trees with less than zero entries

commit - 7429ae85e5dff2953bced09c774ea43f501e8929
commit + 13fcf1bf305bb86f5bbe5da661f8811846b79d61
blob - 6618deade1bf2e3f682f10b87ba1c86ca75a1ecd
blob + 81911e24b2ea5c4586cdc7a274e084217d523bd6
--- lib/privsep.c
+++ lib/privsep.c
@@ -1617,6 +1617,10 @@ got_privsep_recv_tree(struct got_tree_object **tree, s
 				break;
 			}
 			itree = imsg.data;
+			if (itree->nentries < 0) {
+				err = got_error(GOT_ERR_PRIVSEP_LEN);
+				break;
+			}
 			*tree = malloc(sizeof(**tree));
 			if (*tree == NULL) {
 				err = got_error_from_errno("malloc");