On Fri, May 03, 2024 at 03:12:36PM -0400, Taylor Blau wrote: > Commit 3c50032ff52 (attr: ignore overly large gitattributes files, > 2022-12-01) added a defense-in-depth check to ensure that .gitattributes > blobs read from the index do not exceed ATTR_MAX_FILE_SIZE (100 MB). > > But there were two cases added shortly after 3c50032ff52 was written > which do not apply similar protections: > > - 47cfc9bd7d0 (attr: add flag `--source` to work with tree-ish, > 2023-01-14) > > - 4723ae1007f (attr.c: read attributes in a sparse directory, > 2023-08-11) added a similar > > Ensure that we refuse to process a .gitattributes blob exceeding > ATTR_MAX_FILE_SIZE when reading from either an arbitrary tree object or > a sparse directory. This is done by pushing the ATTR_MAX_FILE_SIZE check > down into the low-level `read_attr_from_buf()`. > > In doing so, plug a leak in `read_attr_from_index()` where we would > accidentally leak the large buffer upon detecting it is too large to > process. > > (Since `read_attr_from_buf()` handles a NULL buffer input, we can remove > a NULL check before calling it in `read_attr_from_index()` as well). > > Co-authored-by: Jeff King <peff@xxxxxxxx> > Signed-off-by: Jeff King <peff@xxxxxxxx> > Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx> > --- This patch looks good to me, thanks! Patrick
Attachment:
signature.asc
Description: PGP signature
