commit a90356f7c470563a35922c4cbb01824558dcf207
from: Stefan Sperling <stsp@stsp.name>
date: Thu Aug 26 07:01:34 2021 UTC

prevent NULL deref in got-fetch-pack if server does not announce capabilities

The my_capabilities pointer may remain NULL. Check for NULL before use.

commit - 14d2b281dd2fafec8beebfca6b5911b0ff21d676
commit + a90356f7c470563a35922c4cbb01824558dcf207
blob - 299f0e6a9b3f2fa79ffa0fd87f5db70edf73a946
blob + d3181d5e845b3b24479c5a38d23fb330c12ff499
--- libexec/got-fetch-pack/got-fetch-pack.c
+++ libexec/got-fetch-pack/got-fetch-pack.c
@@ -710,7 +710,8 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 				goto done;
 			if (chattygot)
 				fprintf(stderr, "%s: my capabilities:%s\n",
-				    getprogname(), my_capabilities);
+				    getprogname(), my_capabilities != NULL ?
+				    my_capabilities : "");
 			err = send_fetch_symrefs(ibuf, &symrefs);
 			if (err)
 				goto done;
@@ -844,7 +845,8 @@ fetch_pack(int fd, int packfd, uint8_t *pack_sha1,
 			continue;
 		got_sha1_digest_to_str(want[i].sha1, hashstr, sizeof(hashstr));
 		n = snprintf(buf, sizeof(buf), "want %s%s\n", hashstr,
-		    sent_my_capabilites ? "" : my_capabilities);
+		    sent_my_capabilites || my_capabilities == NULL ?
+		    "" : my_capabilities);
 		if (n >= sizeof(buf)) {
 			err = got_error(GOT_ERR_NO_SPACE);
 			goto done;