Skip to main content

Browse the archive

Staging
v0.8.1
Revision 64cc1c0909949fa2866ad71ad2d1ab7ccaa673d9 authored by Martin Koegler on 06 January 2008, 17:21:10 UTC, committed by Junio C Hamano on 07 January 2008, 02:41:44 UTC 
tree-walk: don't parse incorrect entries
 
The current code can access memory outside of the tree buffer in the
case of malformed tree entries.

This patch prevents this by:

 * The rest of the buffer must be at least 24 bytes (at least 1 byte
   mode, 1 blank, at least one byte path name, 1 NUL, 20 bytes sha1).

 * Check that the last NUL (21 bytes before the end) is present.
   This ensures that strlen() and get_mode() calls stay within the
   buffer.

 * The mode may not be empty. We have only to reject a blank at the
   begin, as the rest is handled by if (c < '0' || c > '7').

 * The blank is ensured by get_mode().

 * The path must contain at least one character.

Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent 47ee06f
Raw File
builtin-verify-pack.c 
#include "builtin.h"
#include "cache.h"
#include "pack.h"

static int verify_one_pack(const char *path, int verbose)
{
	char arg[PATH_MAX];
	int len;
	struct packed_git *pack;
	int err;

	len = strlcpy(arg, path, PATH_MAX);
	if (len >= PATH_MAX)
		return error("name too long: %s", path);

	/*
	 * In addition to "foo.idx" we accept "foo.pack" and "foo";
	 * normalize these forms to "foo.idx" for add_packed_git().
	 */
	if (has_extension(arg, ".pack")) {
		strcpy(arg + len - 5, ".idx");
		len--;
	} else if (!has_extension(arg, ".idx")) {
		if (len + 4 >= PATH_MAX)
			return error("name too long: %s.idx", arg);
		strcpy(arg + len, ".idx");
		len += 4;
	}

	/*
	 * add_packed_git() uses our buffer (containing "foo.idx") to
	 * build the pack filename ("foo.pack").  Make sure it fits.
	 */
	if (len + 1 >= PATH_MAX) {
		arg[len - 4] = '\0';
		return error("name too long: %s.pack", arg);
	}

	pack = add_packed_git(arg, len, 1);
	if (!pack)
		return error("packfile %s not found.", arg);

	err = verify_pack(pack, verbose);
	free(pack);

	return err;
}

static const char verify_pack_usage[] = "git-verify-pack [-v] <pack>...";

int cmd_verify_pack(int argc, const char **argv, const char *prefix)
{
	int err = 0;
	int verbose = 0;
	int no_more_options = 0;
	int nothing_done = 1;

	git_config(git_default_config);
	while (1 < argc) {
		if (!no_more_options && argv[1][0] == '-') {
			if (!strcmp("-v", argv[1]))
				verbose = 1;
			else if (!strcmp("--", argv[1]))
				no_more_options = 1;
			else
				usage(verify_pack_usage);
		}
		else {
			if (verify_one_pack(argv[1], verbose))
				err = 1;
			nothing_done = 0;
		}
		argc--; argv++;
	}

	if (nothing_done)
		usage(verify_pack_usage);

	return err;
}
back to top