wincred: avoid memory corruption

`wcsncpy_s()` wants to write the terminating null character so we need to allocate one more space for it in the target memory block. This should fix crashes when trying to read passwords. When this happened, the password/token wouldn't print out and Git would therefore ask for a new password every time. Signed-off-by: David Macek <david.macek.0@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: David Macek <david.macek.0@gmail.com> 2025-11-17 20:39:44 +0000
committer: Junio C Hamano <gitster@pobox.com> 2025-11-17 14:17:42 -0800
commit: d22a488482092da64ad19fda82edde199bed2466 (patch)
tree: 975de56c51a354b0fe57dc06f0c88778be66b636 /contrib
parent: f368df439b31b422169975cc3c95f7db6a46eada (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/credential/wincred/git-credential-wincred.c b/contrib/credential/wincred/git-credential-wincred.c
index 5683846b4b..73c2b9b72a 100644
--- a/contrib/credential/wincred/git-credential-wincred.c
+++ b/contrib/credential/wincred/git-credential-wincred.c
@@ -165,7 +165,7 @@ static void get_credential(void)
 			write_item("username", creds[i]->UserName,
 				creds[i]->UserName ? wcslen(creds[i]->UserName) : 0);
 			if (creds[i]->CredentialBlobSize > 0) {
-				secret = xmalloc(creds[i]->CredentialBlobSize);
+				secret = xmalloc(creds[i]->CredentialBlobSize + sizeof(WCHAR));
 				wcsncpy_s(secret, creds[i]->CredentialBlobSize, (LPCWSTR)creds[i]->CredentialBlob, creds[i]->CredentialBlobSize / sizeof(WCHAR));
 				line = wcstok_s(secret, L"\r\n", &remaining_lines);
 				write_item("password", line, line ? wcslen(line) : 0);
author	David Macek <david.macek.0@gmail.com>	2025-11-17 20:39:44 +0000
committer	Junio C Hamano <gitster@pobox.com>	2025-11-17 14:17:42 -0800
commit	d22a488482092da64ad19fda82edde199bed2466 (patch)
tree	975de56c51a354b0fe57dc06f0c88778be66b636 /contrib
parent	f368df439b31b422169975cc3c95f7db6a46eada (diff)