diff options
| author | Jeff King <peff@peff.net> | 2019-04-05 14:13:10 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2019-04-16 16:58:21 +0900 |
| commit | b83a3089b584f622054e85b9bacbd18014259b7c (patch) | |
| tree | 45a47f025d4ebe8e740bee0388f24c35d6d305e0 /builtin/commit.c | |
| parent | http: simplify parsing of remote objects/info/packs (diff) | |
| download | git-b83a3089b584f622054e85b9bacbd18014259b7c.tar.gz git-b83a3089b584f622054e85b9bacbd18014259b7c.zip | |
server-info: fix blind pointer arithmetic
When we're writing out a new objects/info/packs file, we read back the
old one to try to keep the ordering the same. When we see a line
starting with "P", we expect "P pack-1234..." and blindly jump to "line
+ 2" to parse the pack name. If we saw a line with _just_ "P" and
nothing else, we'd jump past the end of the buffer and start reading
arbitrary memory.
This shouldn't be a big attack vector, as the files are local to the
repository and written by us, but it's clearly worth fixing (we do read
remote copies of the file for dumb-http fetches, but using a totally
different parser!).
Let's instead use skip_prefix() here, which avoids pointer arithmetic
altogether. Note that this converts our switch statement to an if/else
chain, making it slightly more verbose. But it will also make it easier
to do a few follow-on cleanups.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/commit.c')
0 files changed, 0 insertions, 0 deletions