Skip to main content

Browse the archive

Staging
v0.8.1
Revision 64cc1c0909949fa2866ad71ad2d1ab7ccaa673d9 authored by Martin Koegler on 06 January 2008, 17:21:10 UTC, committed by Junio C Hamano on 07 January 2008, 02:41:44 UTC 
tree-walk: don't parse incorrect entries
 
The current code can access memory outside of the tree buffer in the
case of malformed tree entries.

This patch prevents this by:

 * The rest of the buffer must be at least 24 bytes (at least 1 byte
   mode, 1 blank, at least one byte path name, 1 NUL, 20 bytes sha1).

 * Check that the last NUL (21 bytes before the end) is present.
   This ensures that strlen() and get_mode() calls stay within the
   buffer.

 * The mode may not be empty. We have only to reject a blank at the
   begin, as the rest is handled by if (c < '0' || c > '7').

 * The blank is ensured by get_mode().

 * The path must contain at least one character.

Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent 47ee06f
Raw File
builtin-check-attr.c 
#include "builtin.h"
#include "cache.h"
#include "attr.h"
#include "quote.h"

static const char check_attr_usage[] =
"git-check-attr attr... [--] pathname...";

int cmd_check_attr(int argc, const char **argv, const char *prefix)
{
	struct git_attr_check *check;
	int cnt, i, doubledash;

	if (read_cache() < 0) {
		die("invalid cache");
	}

	doubledash = -1;
	for (i = 1; doubledash < 0 && i < argc; i++) {
		if (!strcmp(argv[i], "--"))
			doubledash = i;
	}

	/* If there is no double dash, we handle only one attribute */
	if (doubledash < 0) {
		cnt = 1;
		doubledash = 1;
	} else
		cnt = doubledash - 1;
	doubledash++;

	if (cnt <= 0 || argc < doubledash)
		usage(check_attr_usage);
	check = xcalloc(cnt, sizeof(*check));
	for (i = 0; i < cnt; i++) {
		const char *name;
		struct git_attr *a;
		name = argv[i + 1];
		a = git_attr(name, strlen(name));
		if (!a)
			return error("%s: not a valid attribute name", name);
		check[i].attr = a;
	}

	for (i = doubledash; i < argc; i++) {
		int j;
		if (git_checkattr(argv[i], cnt, check))
			die("git_checkattr died");
		for (j = 0; j < cnt; j++) {
			const char *value = check[j].value;

			if (ATTR_TRUE(value))
				value = "set";
			else if (ATTR_FALSE(value))
				value = "unset";
			else if (ATTR_UNSET(value))
				value = "unspecified";

			quote_c_style(argv[i], NULL, stdout, 0);
			printf(": %s: %s\n", argv[j+1], value);
		}
	}
	return 0;
}
back to top