Re: [PATCH v2] http.c: don't rewrite the user:passwd string multiple times

On Tue, Jun 18, 2013 at 07:43:49PM -0700, Brandon Casey wrote:

> From: Brandon Casey <drafnel@xxxxxxxxx>
> 
> Curl older than 7.17 (RHEL 4.X provides 7.12 and RHEL 5.X provides
> 7.15) requires that we manage any strings that we pass to it as
> pointers.  So, we really shouldn't be modifying this strbuf after we
> have passed it to curl.
> 
> Our interaction with curl is currently safe (before or after this
> patch) since the pointer that is passed to curl is never invalidated;
> it is repeatedly rewritten with the same sequence of characters but
> the strbuf functions never need to allocate a larger string, so the
> same memory buffer is reused.
> 
> This "guarantee" of safety is somewhat subtle and could be overlooked
> by someone who may want to add a more complex handling of the username
> and password.  So, let's stop modifying this strbuf after we have
> passed it to curl, but also leave a note to describe the assumptions
> that have been made about username/password lifetime and to draw
> attention to the code.

Thanks.

Acked-by: Jeff King <peff@xxxxxxxx>

-Peff
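
The pointer-lifetime hazard described in the quoted commit message, as an added example that is not part of the original thread or of git's code. `struct gbuf` and `struct old_handle` are hypothetical stand-ins for a strbuf and for a curl handle older than 7.17 that keeps the caller's pointer instead of copying the string.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string, standing in for a strbuf. */
struct gbuf { char *buf; size_t len, alloc; };

/* Hypothetical stand-in for curl < 7.17: stores the pointer, no copy. */
struct old_handle { const char *userpwd; };

static void gbuf_set(struct gbuf *b, const char *s)
{
	size_t n = strlen(s);
	if (n + 1 > b->alloc) {
		/* Growth: a new block is allocated and the old one freed,
		 * so any pointer handed out earlier now dangles. */
		char *nb = malloc(n + 1);
		if (!nb)
			abort();
		free(b->buf);
		b->buf = nb;
		b->alloc = n + 1;
	}
	memcpy(b->buf, s, n + 1); /* fits: same memory is reused */
	b->len = n;
}

/* Returns 1 if the pointer held by the handle is still the buffer's
 * storage after the buffer is rewritten with `next`, 0 if it dangles. */
static int pointer_survives_rewrite(const char *first, const char *next)
{
	struct gbuf b = { NULL, 0, 0 };
	struct old_handle h;
	uintptr_t held;
	int same;

	gbuf_set(&b, first);
	h.userpwd = b.buf;           /* string handed to the library once */
	held = (uintptr_t)h.userpwd; /* record the address before any free() */
	gbuf_set(&b, next);          /* the later rewrite */
	same = ((uintptr_t)b.buf == held);
	free(b.buf);
	return same;
}

int main(void)
{
	printf("same text:   %d\n", pointer_survives_rewrite("user:pass", "user:pass"));
	printf("longer text: %d\n", pointer_survives_rewrite("user:pass", "user:a-longer-password"));
	return 0;
}
```

Rewriting with identical or shorter text leaves the held pointer valid; any rewrite that grows the buffer leaves the handle with a dangling pointer.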



