From: "René Scharfe" <l.s.r@web.de>
To: Jeff King <peff@peff.net>
Cc: "Git List" <git@vger.kernel.org>,
"Junio C Hamano" <gitster@pobox.com>,
"Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
Subject: Re: [PATCH] tree-walk: disallow overflowing modes
Date: Sun, 22 Jan 2023 11:03:38 +0100 [thread overview]
Message-ID: <044bdc8f-fdc9-dfd2-6cbb-941513467524@web.de> (raw)
In-Reply-To: <Y8zquGar3rLyRdTp@coredump.intra.peff.net>
Am 22.01.23 um 08:50 schrieb Jeff King:
> On Sat, Jan 21, 2023 at 10:36:09AM +0100, René Scharfe wrote:
>
>> When parsing tree entries, reject mode values that don't fit into an
>> unsigned int.
>
> Seems reasonable. I don't think you can cause any interesting mischief
> here, but it's cheap to check, and finding data problems earlier rather
> than later is always good.
>
> Should it be s/unsigned int/uint16_t/, though?
"mode" is declared as unsigned int, and I was more concerned with
overflowing that.
We could be more strict and reject everything that oversteps
S_IFMT|ALLPERMS, but the latter is not defined everywhere. But
permission bits are well-known, so the magic number 07777 should be
recognizable enough. Like this?
--- >8 ---
Subject: [PATCH v2] tree-walk: disallow overflowing modes
When parsing tree entries, reject mode values with bits set outside file
type mask and permission bits.
Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: René Scharfe <l.s.r@web.de>
---
tree-walk.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tree-walk.c b/tree-walk.c
index 74f4d710e8..62da0e5c73 100644
--- a/tree-walk.c
+++ b/tree-walk.c
@@ -18,6 +18,8 @@ static const char *get_mode(const char *str, unsigned int *modep)
if (c < '0' || c > '7')
return NULL;
mode = (mode << 3) + (c - '0');
+ if (mode & ~(S_IFMT | 07777))
+ return NULL;
}
*modep = mode;
return str;
--
2.39.1
next prev parent reply other threads:[~2023-01-22 10:03 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-21 9:36 [PATCH] tree-walk: disallow overflowing modes René Scharfe
2023-01-22 7:50 ` Jeff King
2023-01-22 10:03 ` René Scharfe [this message]
2023-01-22 16:36 ` Junio C Hamano
2023-01-22 22:02 ` Jeff King
2023-01-23 8:33 ` Ævar Arnfjörð Bjarmason
2023-01-24 18:53 ` René Scharfe
2023-01-24 20:44 ` Junio C Hamano
2023-01-26 11:36 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=044bdc8f-fdc9-dfd2-6cbb-941513467524@web.de \
--to=l.s.r@web.de \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.