Re: [PATCH v4 4/6] list-objects: filter objects in traverse_commit_list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 16 Nov 2017 18:07:41 +0000
Jeff Hostetler <git@xxxxxxxxxxxxxxxxx> wrote:

> +/*
> + * Return 1 if the given string needs armoring because of "special"
> + * characters that may cause injection problems when a command passes
> + * the argument to a subordinate command (such as when upload-pack
> + * launches pack-objects).
> + *
> + * The usual alphanumeric and key punctuation do not trigger it.
> + */ 
> +static int arg_needs_armor(const char *arg)

First of all, about the injection problem, replying to your previous e-mail
[1]:

https://public-inbox.org/git/61855872-221b-0e97-abaa-24a011ad899e@xxxxxxxxxxxxxxxxx/

> I couldn't use quote.[ch] because it is more concerned with
> quoting pathnames because of LF and CR characters within
> them -- rather than semicolons and quotes and the like which
> I was concerned about.

sq_quote_buf() (or one of the other similarly-named functions) should
solve this problem, right? The single quotes around the argument takes
care of LF, CR, and semicolons, and things like backslashes and quotes
are taken care of as documented.

I don't think we need to invent another encoding to solve this.

> +{
> +	const unsigned char *p;
> +
> +	for (p = (const unsigned char *)arg; *p; p++) {
> +		if (*p >= 'a' && *p <= 'z')
> +			continue;
> +		if (*p >= 'A' && *p <= 'Z')
> +			continue;
> +		if (*p >= '0' && *p <= '9')
> +			continue;
> +		if (*p == '-' || *p == '_' || *p == '.' || *p == '/')
> +			continue;

If we do take this approach, can ':' also be included?

> +	if (skip_prefix(arg, "sparse:oid=", &v0)) {
> +		struct object_context oc;
> +		struct object_id sparse_oid;
> +
> +		/*
> +		 * Try to parse <oid-expression> into an OID for the current
> +		 * command, but DO NOT complain if we don't have the blob or
> +		 * ref locally.
> +		 */
> +		if (!get_oid_with_context(v0, GET_OID_BLOB,
> +					  &sparse_oid, &oc))
> +			filter_options->sparse_oid_value = oiddup(&sparse_oid);
> +		filter_options->choice = LOFC_SPARSE_OID;
> +		if (arg_needs_armor(v0))
> +			filter_options->requires_armor = v0 - arg;
> +		return 0;
> +	}

In your previous e-mail, you mentioned:

> yes.  I always pass filter_options.raw_value over the wire.
> The code above tries to parse it and put it in an OID for
> private use by the current process -- just like the size limit
> value in the blob:limit filter.

So I think this function should complain if you don't have the blob or
ref locally. (I envision that if a filter string is to be directly sent
to a server, it should be stored as a string, not processed by this
function first.)



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux