[PATCH 2/3] Bigfile: dynamically allocate buffer for marks file name

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This prevents a buffer overrun that could otherwise be triggered by
creating a .git file with a long destination path and trying to "git
add" a file larger than the big-file threshold (which defaults to 512
MiB), ever since v1.7.6-rc0~31^2 (Bigfile: teach "git add" to send a
large file straight to a pack, 2011-05-08).

Signed-off-by: Jonathan Nieder <jrnieder@xxxxxxxxx>
---
 sha1_file.c |   20 +++++++++++++++-----
 1 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/sha1_file.c b/sha1_file.c
index 27f3b9b2..86705bc9 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2697,20 +2697,28 @@ static int index_stream(unsigned char *sha1, int fd, size_t size,
 			unsigned flags)
 {
 	struct child_process fast_import;
-	char export_marks[512];
-	const char *argv[] = { "fast-import", "--quiet", export_marks, NULL };
-	char tmpfile[512];
+	const char *argv[4];	/* command, two args, NULL */
+	const char **arg;
+	struct strbuf export_marks = STRBUF_INIT;
+	char *tmpfile;
 	char fast_import_cmd[512];
 	char buf[512];
 	int len, tmpfd;
 
-	strcpy(tmpfile, git_path("hashstream_XXXXXX"));
+	strbuf_addstr(&export_marks, "--export-marks=");
+	strbuf_addstr(&export_marks, git_path("hashstream_XXXXXX"));
+	tmpfile = export_marks.buf + strlen("--export-marks=");
 	tmpfd = git_mkstemp_mode(tmpfile, 0600);
 	if (tmpfd < 0)
 		die_errno("cannot create tempfile: %s", tmpfile);
 	if (close(tmpfd))
 		die_errno("cannot close tempfile: %s", tmpfile);
-	sprintf(export_marks, "--export-marks=%s", tmpfile);
+
+	arg = argv;
+	*arg++ = "fast-import";
+	*arg++ = "--quiet";
+	*arg++ = export_marks.buf;
+	*arg++ = NULL;
 
 	memset(&fast_import, 0, sizeof(fast_import));
 	fast_import.in = -1;
@@ -2754,6 +2762,8 @@ static int index_stream(unsigned char *sha1, int fd, size_t size,
 	    memcmp(":1 ", buf, 3) ||
 	    get_sha1_hex(buf + 3, sha1))
 		die_errno("index-stream: unexpected fast-import mark: <%s>", buf);
+
+	strbuf_release(&export_marks);
 	return 0;
 }
 
-- 
1.7.8.rc0

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]