commit f392e333e6fe8e8ce5e2ebc285041cbe95236c5e
from: Stefan Sperling
date: Mon Dec 24 16:28:20 2018 UTC
verify total size vs header length in got-read-blob
commit - b87c6f836d2cb7d597e245c70ea4540cf6a36af4
commit + f392e333e6fe8e8ce5e2ebc285041cbe95236c5e
blob - bcd6bb4ba2b60ed90712b29a2e72129204bee3cb
blob + d795af670c71cbef29833b04357bb80f33c64241
--- libexec/got-read-blob/got-read-blob.c
+++ libexec/got-read-blob/got-read-blob.c
@@ -147,6 +147,11 @@ main(int argc, char *argv[])
 if (err)
 goto done;
 
+ if (size < obj->hdrlen) {
+ err = got_error(GOT_ERR_BAD_OBJ_HDR);
+ goto done;
+ }
+
 err = got_privsep_send_blob(&ibuf, size, obj->hdrlen);
 done:
 if (f)
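Review bot: The `size < obj->hdrlen` guard is enforced only in the helper, just before `got_privsep_send_blob(&ibuf, size, obj->hdrlen)`, so the invariant holds only as long as the helper itself behaves. The receiving side is not visible in this hunk; if it computes anything like `size - hdrlen`, it should repeat the same comparison on the received values and fail with `GOT_ERR_BAD_OBJ_HDR`, since the process that parses untrusted object data is the one a privilege-separated design expects to misbehave. A one-line comment above the check would also help, e.g. `/* total size includes the object header; a shorter blob is malformed */`. The types of `size` and `obj->hdrlen` are declared outside the hunk, and `main` starts and ends outside it; confirm both are unsigned and of the same width so the comparison is not altered by an implicit conversion.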