commit 3483a4da364d64c5b630cec74a97fab5b5035c65
from: Stefan Sperling <stsp@stsp.name>
date: Wed May 18 07:45:08 2022 UTC

prevent an out-of-bounds access in got_privsep_recv_tree()

commit - baef4d750d80fcf0fddce409470150e73ae120d3
commit + 3483a4da364d64c5b630cec74a97fab5b5035c65
blob - 7722c1844d8aa88dc65d011668a6b48f8ffeb7d5
blob + e7450fd7c2dce123856dba8a632d60b237b54e91
--- lib/privsep.c
+++ lib/privsep.c
@@ -1658,6 +1658,10 @@ got_privsep_recv_tree(struct got_tree_object **tree, s
 
 			if (datalen + 1 > sizeof(te->name)) {
 				err = got_error(GOT_ERR_NO_SPACE);
+				break;
+			}
+			if (nentries >= (*tree)->nentries) {
+				err = got_error(GOT_ERR_PRIVSEP_LEN);
 				break;
 			}
 			te = &(*tree)->entries[nentries];