diff options
| author | Junio C Hamano <gitster@pobox.com> | 2016-03-17 09:55:54 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-03-17 11:22:24 -0700 |
| commit | 32c6dca8c428672c11a2a0ddf3cb2f7476caff86 (patch) | |
| tree | 4b4f7532ab4b0be6b2b59d7ff4cf09956b5987fd /http-push.c | |
| parent | a2558fb8e1e387b630312311e1d22c95663da5d0 (diff) | |
| parent | 2824e1841b99393d2469c495253d547c643bd8f1 (diff) | |
| download | git-32c6dca8c428672c11a2a0ddf3cb2f7476caff86.tar.gz git-32c6dca8c428672c11a2a0ddf3cb2f7476caff86.tar.xz | |
Merge branch 'jk/path-name-safety-2.4' into maint-2.4
Bugfix patches were backported from the 'master' front to plug heap
corruption holes, to catch integer overflow in the computation of
pathname lengths, and to get rid of the name_path API. Both of
these would have resulted in writing over an under-allocated buffer
when formulating pathnames while tree traversal.
* jk/path-name-safety-2.4:
list-objects: pass full pathname to callbacks
list-objects: drop name_path entirely
list-objects: convert name_path to a strbuf
show_object_with_name: simplify by using path_name()
http-push: stop using name_path
tree-diff: catch integer overflow in combine_diff_path allocation
add helpers for detecting size_t overflow
Diffstat (limited to 'http-push.c')
| -rw-r--r-- | http-push.c | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/http-push.c b/http-push.c index c98dad23d..834190941 100644 --- a/http-push.c +++ b/http-push.c @@ -1276,9 +1276,7 @@ static struct object_list **add_one_object(struct object *obj, struct object_lis } static struct object_list **process_blob(struct blob *blob, - struct object_list **p, - struct name_path *path, - const char *name) + struct object_list **p) { struct object *obj = &blob->object; @@ -1292,14 +1290,11 @@ static struct object_list **process_blob(struct blob *blob, } static struct object_list **process_tree(struct tree *tree, - struct object_list **p, - struct name_path *path, - const char *name) + struct object_list **p) { struct object *obj = &tree->object; struct tree_desc desc; struct name_entry entry; - struct name_path me; obj->flags |= LOCAL; @@ -1309,21 +1304,17 @@ static struct object_list **process_tree(struct tree *tree, die("bad tree object %s", sha1_to_hex(obj->sha1)); obj->flags |= SEEN; - name = xstrdup(name); p = add_one_object(obj, p); - me.up = path; - me.elem = name; - me.elem_len = strlen(name); init_tree_desc(&desc, tree->buffer, tree->size); while (tree_entry(&desc, &entry)) switch (object_type(entry.mode)) { case OBJ_TREE: - p = process_tree(lookup_tree(entry.sha1), p, &me, name); + p = process_tree(lookup_tree(entry.sha1), p); break; case OBJ_BLOB: - p = process_blob(lookup_blob(entry.sha1), p, &me, name); + p = process_blob(lookup_blob(entry.sha1), p); break; default: /* Subproject commit - not in this repository */ @@ -1342,7 +1333,7 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock) int count = 0; while ((commit = get_revision(revs)) != NULL) { - p = process_tree(commit->tree, p, NULL, ""); + p = process_tree(commit->tree, p); commit->object.flags |= LOCAL; if (!(commit->object.flags & UNINTERESTING)) count += add_send_request(&commit->object, lock); @@ -1361,11 +1352,11 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock) continue; } if (obj->type == OBJ_TREE) { - p = process_tree((struct tree *)obj, p, NULL, name); + p = process_tree((struct tree *)obj, p); continue; } if (obj->type == OBJ_BLOB) { - p = process_blob((struct blob *)obj, p, NULL, name); + p = process_blob((struct blob *)obj, p); continue; } die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name); |