Re: [PATCH 3/5] path.c: Use vsnpath() in the implementation of git_path()

Junio C Hamano wrote:
> Ramsay Jones <ramsay@xxxxxxxxxxxxxxxxxxx> writes:
> 
>> The current implementation of git_path() is essentially the same as
>> that of vsnpath(), with two minor differences. First, git_path()
>> currently insists that the git directory path is no longer than
>> PATH_MAX-100 characters in length. However, vsnpath() does not
>> attempt this arbitrary 100 character reservation for the remaining
>> path components. Second, vsnpath() uses the "is_dir_sep()" macro,
>> rather than comparing directly to '/', to determine if the git_dir
>> path component ends with a path separator.
>> In order to benefit from the above improvements,...
> 
> In the longer term, I think this goes in the right direction, but
> the loss of reservation, especially when we know git_path() is used
> by some callers to get the base directory in $GIT_DIR that want to
> append stuff after the returned directory path to form the final
> pathname, is a bit worrisome.  It may be hiding a bug (lack of
> proper limit check) on the callers' side.

Hmm, at first I could not see what you found worrisome here.
After all, the number of inputs which leads to success (i.e. does
not result in an "/bad-path/" return) has been *increased* with
this patch.

However, I suppose you are concerned about something like this:

    char *git_dir = git_path("");
    if (strcmp(git_dir, "/bad-path/") != 0) {
        /*
         * Having studied the implementation of git_path(), I know
         * that the buffer pointed to by git_dir has space for an
         * additional 100 chars. This is enough room to concatenate
         * the doberry path, so this is safe ...
         */
        strcat(git_dir, doberry); /* oops */
    }

Yes?

Hmm, yes it would be a little disappointing to see such parasitic code!
;-)

You said above: "... especially when we know git_path() is used
by some callers to get the base directory in $GIT_DIR ...". Can you
point me to an example of such a caller; I have been unable to find
any code which does this.

ATB,
Ramsay Jones
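
The caller-side limit check discussed in this message, as an added example that is not part of the original mail or of git's code: the caller copies the returned path into a buffer it owns and rejects an append that does not fit, instead of relying on spare room in the helper's static buffer. demo_path(), join_checked(), demo_append() and DEMO_PATH_MAX are hypothetical names, and demo_path() is a simplified stand-in, not git_path() itself.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_PATH_MAX 64 /* constructed: small stand-in for PATH_MAX */

/* Hypothetical, simplified stand-in for a git_path()-style helper: formats
 * into a static buffer and returns "/bad-path/" when the result does not
 * fit. It promises no spare room after the returned string. */
static const char *demo_path(const char *git_dir, const char *rest)
{
    static char buf[DEMO_PATH_MAX];
    int n = snprintf(buf, sizeof(buf), "%s/%s", git_dir, rest);

    if (n < 0 || (size_t)n >= sizeof(buf))
        return "/bad-path/";
    return buf;
}

/* Caller-side limit check: write base followed by suffix into a buffer the
 * caller owns. Returns 0 on success, -1 if the result would not fit; on
 * failure out is left as an empty string. */
static int join_checked(char *out, size_t outsz, const char *base,
                        const char *suffix)
{
    int n;

    if (outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%s%s", base, suffix);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Get the base directory, then append to it without touching the static
 * buffer. Returns 0 if the final pathname was built, -1 otherwise. */
static int demo_append(const char *git_dir, const char *suffix,
                       char *out, size_t outsz)
{
    const char *base = demo_path(git_dir, "");

    if (!strcmp(base, "/bad-path/"))
        return -1;
    return join_checked(out, outsz, base, suffix);
}
```

The middle case is the one the thread is about: the base directory fits in the helper's buffer, so no "/bad-path/" is returned, yet the appended pathname does not fit and must be rejected by the caller.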


