Staging
v0.8.1
v0.8.1
Revision 64cc1c0909949fa2866ad71ad2d1ab7ccaa673d9 authored by Martin Koegler on 06 January 2008, 17:21:10 UTC, committed by Junio C Hamano on 07 January 2008, 02:41:44 UTC
The current code can access memory outside of the tree buffer in the case of malformed tree entries. This patch prevents this by: * The rest of the buffer must be at least 24 bytes (at least 1 byte mode, 1 blank, at least one byte path name, 1 NUL, 20 bytes sha1). * Check that the last NUL (21 bytes before the end) is present. This ensures that strlen() and get_mode() calls stay within the buffer. * The mode may not be empty. We have only to reject a blank at the begin, as the rest is handled by if (c < '0' || c > '7'). * The blank is ensured by get_mode(). * The path must contain at least one character. Signed-off-by: Martin Koegler <mkoegler@auto.tuwien.ac.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent 47ee06f
builtin-verify-tag.c
/*
* Builtin "git verify-tag"
*
* Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
*
* Based on git-verify-tag.sh
*/
#include "cache.h"
#include "builtin.h"
#include "tag.h"
#include "run-command.h"
#include <signal.h>
static const char builtin_verify_tag_usage[] =
"git-verify-tag [-v|--verbose] <tag>...";
#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
{
struct child_process gpg;
const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
char path[PATH_MAX], *eol;
size_t len;
int fd, ret;
fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
if (fd < 0)
return error("could not create temporary file '%s': %s",
path, strerror(errno));
if (write_in_full(fd, buf, size) < 0)
return error("failed writing temporary file '%s': %s",
path, strerror(errno));
close(fd);
/* find the length without signature */
len = 0;
while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
eol = memchr(buf + len, '\n', size - len);
len += eol ? eol - (buf + len) + 1 : size - len;
}
if (verbose)
write_in_full(1, buf, len);
memset(&gpg, 0, sizeof(gpg));
gpg.argv = args_gpg;
gpg.in = -1;
gpg.out = 1;
args_gpg[2] = path;
if (start_command(&gpg))
return error("could not run gpg.");
write_in_full(gpg.in, buf, len);
close(gpg.in);
gpg.close_in = 0;
ret = finish_command(&gpg);
unlink(path);
return ret;
}
static int verify_tag(const char *name, int verbose)
{
enum object_type type;
unsigned char sha1[20];
char *buf;
unsigned long size;
int ret;
if (get_sha1(name, sha1))
return error("tag '%s' not found.", name);
type = sha1_object_info(sha1, NULL);
if (type != OBJ_TAG)
return error("%s: cannot verify a non-tag object of type %s.",
name, typename(type));
buf = read_sha1_file(sha1, &type, &size);
if (!buf)
return error("%s: unable to read file.", name);
ret = run_gpg_verify(buf, size, verbose);
free(buf);
return ret;
}
int cmd_verify_tag(int argc, const char **argv, const char *prefix)
{
int i = 1, verbose = 0, had_error = 0;
git_config(git_default_config);
if (argc == 1)
usage(builtin_verify_tag_usage);
if (!strcmp(argv[i], "-v") || !strcmp(argv[i], "--verbose")) {
verbose = 1;
i++;
}
/* sometimes the program was terminated because this signal
* was received in the process of writing the gpg input: */
signal(SIGPIPE, SIG_IGN);
while (i < argc)
if (verify_tag(argv[i++], verbose))
had_error = 1;
return had_error;
}
Computing file changes ...
