aboutsummaryrefslogtreecommitdiff
path: root/setup.c
diff options
context:
space:
mode:
authorErik Elfström <erik.elfstrom@gmail.com>2015-06-15 21:39:52 +0200
committerJunio C Hamano <gitster@pobox.com>2015-06-15 13:14:01 -0700
commit921bdd96afc17ca055af261066eabdf026cb2195 (patch)
tree4fb673cb9182575f264e4564f9981d862b993108 /setup.c
parenta93bedada88dc15b0143708e1cb87c8fe9b9c705 (diff)
downloadgit-921bdd96afc17ca055af261066eabdf026cb2195.tar.gz
git-921bdd96afc17ca055af261066eabdf026cb2195.tar.xz
setup: sanity check file size in read_gitfile_gently
read_gitfile_gently will allocate a buffer to fit the entire file that should be read. Add a sanity check of the file size before opening to avoid allocating a potentially huge amount of memory if we come across a large file that someone happened to name ".git". The limit is set to a sufficiently unreasonable size that should never be exceeded by a genuine .git file. Signed-off-by: Erik Elfström <erik.elfstrom@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'setup.c')
-rw-r--r--setup.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/setup.c b/setup.c
index 4748b6338..a03ca9423 100644
--- a/setup.c
+++ b/setup.c
@@ -414,6 +414,7 @@ static void update_linked_gitdir(const char *gitfile, const char *gitdir)
*/
const char *read_gitfile_gently(const char *path, int *return_error_code)
{
+ const int max_file_size = 1 << 20; /* 1MB */
int error_code = 0;
char *buf = NULL;
char *dir = NULL;
@@ -430,6 +431,10 @@ const char *read_gitfile_gently(const char *path, int *return_error_code)
error_code = READ_GITFILE_ERR_NOT_A_FILE;
goto cleanup_return;
}
+ if (st.st_size > max_file_size) {
+ error_code = READ_GITFILE_ERR_TOO_LARGE;
+ goto cleanup_return;
+ }
fd = open(path, O_RDONLY);
if (fd < 0) {
error_code = READ_GITFILE_ERR_OPEN_FAILED;
@@ -489,6 +494,8 @@ cleanup_return:
return NULL;
case READ_GITFILE_ERR_OPEN_FAILED:
die_errno("Error opening '%s'", path);
+ case READ_GITFILE_ERR_TOO_LARGE:
+ die("Too large to be a .git file: '%s'", path);
case READ_GITFILE_ERR_READ_FAILED:
die("Error reading %s", path);
case READ_GITFILE_ERR_INVALID_FORMAT: