Re: [PATCH] mktag.c: improve verification of tagger field and tests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Junio C Hamano wrote:
> By the way, I
>    think tagger information should get the same validation as committer
>    and author information gets elsewhere in the system;

I agree. Do you have any pointers to suggest? I haven't seen any place in
the code that does thorough validation. Usually, these fields are generated
within git, or converted to the internal form using some dwim procedure.

I keyed on get_ac_line() in builtin-blame.c and force_author in builtin-commit.c

builtin-commit.c searches for the angle brackets '<' and '>' as a validation
for the argument to --author.

get_ac_line() searches from the end of the string and sets tz, timestamp,
and email to the last space-separated entries. timestamp is fed to strtoul
and tz is fed to atoi. These two both skip leading space, but they are
never fed leading space from get_ac_line().

date.c:parse_date() keys on +\- to recognize timezone.

I think I'll make all of the optional components non-optional and make the
format a little stricter.

-brandon

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux