[PATCH v6 3/7] setup: sanity check file size in read_gitfile_gently

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

read_gitfile_gently will allocate a buffer to fit the entire file that
should be read. Add a sanity check of the file size before opening to
avoid allocating a potentially huge amount of memory if we come across
a large file that someone happened to name ".git". The limit is set to
a sufficiently unreasonable size that should never be exceeded by a
genuine .git file.

Signed-off-by: Erik Elfström <erik.elfstrom@xxxxxxxxx>
---
 cache.h | 1 +
 setup.c | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/cache.h b/cache.h
index 54c902b..7c8abcb 100644
--- a/cache.h
+++ b/cache.h
@@ -452,6 +452,7 @@ extern const char *get_git_work_tree(void);
 #define READ_GITFILE_ERR_NO_PATH 6
 #define READ_GITFILE_ERR_CANT_VERIFY_PATH 7
 #define READ_GITFILE_ERR_NOT_A_REPO 8
+#define READ_GITFILE_ERR_TOO_LARGE 9
 extern const char *read_gitfile_gently(const char *path, int *return_error_code);
 #define read_gitfile(path) read_gitfile_gently((path), NULL)
 extern const char *resolve_gitdir(const char *suspect);
diff --git a/setup.c b/setup.c
index b919ea6..bfaf4a6 100644
--- a/setup.c
+++ b/setup.c
@@ -381,6 +381,7 @@ static int check_repository_format_gently(const char *gitdir, int *nongit_ok)
  */
 const char *read_gitfile_gently(const char *path, int *return_error_code)
 {
+	static const int one_MB = 1 << 20;
 	int error_code = 0;
 	char *buf = NULL;
 	char *dir = NULL;
@@ -404,6 +405,11 @@ const char *read_gitfile_gently(const char *path, int *return_error_code)
 		error_code = READ_GITFILE_ERR_OPEN_FAILED;
 		goto cleanup_return;
 	}
+	if (st.st_size > one_MB) {
+		close(fd);
+		error_code = READ_GITFILE_ERR_TOO_LARGE;
+		goto cleanup_return;
+	}
 	buf = xmalloc(st.st_size + 1);
 	len = read_in_full(fd, buf, st.st_size);
 	close(fd);
@@ -463,6 +469,8 @@ cleanup_return:
 			return NULL;
 		case READ_GITFILE_ERR_OPEN_FAILED:
 			die_errno("Error opening '%s'", path);
+		case READ_GITFILE_ERR_TOO_LARGE:
+			die("Too large to be a .git file: '%s'", path);
 		case READ_GITFILE_ERR_READ_FAILED:
 			die("Error reading %s", path);
 		case READ_GITFILE_ERR_INVALID_FORMAT:
-- 
2.4.0.60.gf7143f7

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]