From 3c3852e33b3e40ad64885d845cb92a52c7b15884 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@osdl.org>
Date: Sat, 13 Aug 2005 11:05:25 -0700
Subject: [PATCH] [PATCH] Make get_sha1_basic() more careful

The "get_sha1_hex()" function is designed to work with SHA1 hex strings
that may be followed by arbitrary crud. However, that's not acceptable for
"get_sha1()" which is used for command line arguments etc: we don't want
to silently allow random characters after the end of the SHA1.

So verify that the hex string is all we have.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 sha1_name.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sha1_name.c b/sha1_name.c
index df45b172..fdd32144 100644
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -148,7 +148,7 @@ static int get_sha1_basic(const char *str, int len, unsigned char *sha1)
 	};
 	const char **p;
 
-	if (!get_sha1_hex(str, sha1))
+	if (len == 40 && !get_sha1_hex(str, sha1))
 		return 0;
 
 	for (p = prefix; *p; p++) {
-- 
2.11.0