From: "René Scharfe" <rene.scharfe@lsrfire.ath.cx>
To: Junio C Hamano <gitster@pobox.com>, carlos.duclos@nokia.com
Cc: git@vger.kernel.org
Subject: Re: What's in git.git (Mar 2009, #02; Thu, 05)
Date: Sat, 07 Mar 2009 20:14:12 +0100
Message-ID: <49B2C784.90800@lsrfire.ath.cx>
In-Reply-To: <7vfxhs2shk.fsf@gitster.siamese.dyndns.org>
Junio C Hamano wrote:
> * The 'master' branch has these since v1.6.2 in addition to the above.
>
> Carlos Manuel Duclos Vergara (1):
> git-archive: add --output=<file> to send output to a file
It just hit me that this option can be used for a DoS attack (or
perhaps worse) when used in connection with --remote. We need to apply
it on the client side instead of sending it to the remote end. And
git-upload-archive needs to filter it out. Ugh.
Here's a quick and dirty patch to do the latter.
---
archive.c | 14 +++++++++-----
archive.h | 2 +-
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/archive.c b/archive.c
index c6aea83..c7534d7 100644
--- a/archive.c
+++ b/archive.c
@@ -260,7 +260,8 @@ static void create_output_file(const char *output_file)
PARSE_OPT_NOARG | PARSE_OPT_NONEG | PARSE_OPT_HIDDEN, NULL, (p) }
static int parse_archive_args(int argc, const char **argv,
- const struct archiver **ar, struct archiver_args *args)
+ const struct archiver **ar,
+ struct archiver_args *args, int local)
{
const char *format = "tar";
const char *base = NULL;
@@ -310,8 +311,11 @@ static int parse_archive_args(int argc, const char **argv,
if (!base)
base = "";
- if (output)
+ if (output) {
+ if (!local)
+ die("Unexpected option --output");
create_output_file(output);
+ }
if (list) {
for (i = 0; i < ARRAY_SIZE(archivers); i++)
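Review bot: the `!local` check in the `if (output)` block closes only the server side. With this applied, a client that still forwards --output together with --remote gets "Unexpected option --output" from the remote end instead of a file written locally, so the client-side half described in the message has to follow before the two options work together. The die() text would also be easier to act on if it said that --output is not accepted in a remote request. Placing the check ahead of create_output_file() is the ordering that matters, and it is right.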
@@ -343,13 +347,13 @@ static int parse_archive_args(int argc, const char **argv,
}
int write_archive(int argc, const char **argv, const char *prefix,
- int setup_prefix)
+ int local)
{
const struct archiver *ar = NULL;
struct archiver_args args;
- argc = parse_archive_args(argc, argv, &ar, &args);
- if (setup_prefix && prefix == NULL)
+ argc = parse_archive_args(argc, argv, &ar, &args, local);
+ if (local && prefix == NULL)
prefix = setup_git_directory();
parse_treeish_arg(argv, &args, prefix);
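Review bot: in write_archive(), `local` now gates two unrelated things: the setup_git_directory() call when prefix is NULL, and whether --output is accepted. The callers are not part of this patch, so please confirm that the upload-archive path passes 0 and that every caller which used to pass a non-zero setup_prefix really is a local invocation, because each of them is now allowed to create output files.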
diff --git a/archive.h b/archive.h
index 0b15b35..f6c3c89 100644
--- a/archive.h
+++ b/archive.h
@@ -24,6 +24,6 @@ extern int write_tar_archive(struct archiver_args *);
extern int write_zip_archive(struct archiver_args *);
extern int write_archive_entries(struct archiver_args *args, write_archive_entry_fn_t write_entry);
-extern int write_archive(int argc, const char **argv, const char *prefix, int setup_prefix);
+extern int write_archive(int argc, const char **argv, const char *prefix, int local);
#endif /* ARCHIVE_H */
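Review bot: the write_archive() prototype in archive.h changes its last parameter from "set up the prefix" to "this is a local invocation", and nothing next to the declaration says that a non-zero value also permits local-only options such as --output. A one-line comment above the declaration would keep a later caller on the server side from passing 1.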
--
1.6.2
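
The server-side filtering described in the message, as an added example that is not part of the original mail or of git's code: a check that rejects local-only options in an argument list received from a remote client. The `local_only` list, the function names and the sample request are assumptions made for this illustration; the check also rejects shortened spellings such as `--out=`, on the assumption that the option parser accepts abbreviated long options.

```c
#include <stdio.h>
#include <string.h>

/* Local-only long options (constructed list; the mail names only --output). */
static const char *local_only[] = { "output", NULL };

/* Return 1 if arg is "--<name>", "--<name>=value", or a shortened
 * spelling of either, such as "--out=x". */
static int matches_long_option(const char *arg, const char *name)
{
	size_t len;

	if (strncmp(arg, "--", 2) != 0)
		return 0;
	arg += 2;
	len = strcspn(arg, "=");
	/* len == 0 means "--" or "--=...", which is not an abbreviation */
	return len > 0 && len <= strlen(name) && strncmp(arg, name, len) == 0;
}

/* Scan the argument vector received from the peer. Returns NULL when it
 * is acceptable, otherwise the first rejected argument. */
const char *first_local_only_arg(int argc, const char **argv)
{
	int i, j;

	for (i = 0; i < argc; i++) {
		if (strcmp(argv[i], "--") == 0)
			break;	/* everything after "--" is a path, not an option */
		for (j = 0; local_only[j]; j++)
			if (matches_long_option(argv[i], local_only[j]))
				return argv[i];
	}
	return NULL;
}

int main(void)
{
	/* Constructed request, as a server might receive it from a client. */
	const char *req[] = { "--format=tar", "--out=/tmp/x", "HEAD" };
	const char *bad = first_local_only_arg(3, req);

	printf("%s\n", bad ? bad : "accepted");
	return 0;
}
```

Rejecting every prefix of a local-only name is deliberately conservative: on the receiving side it is safer to refuse an ambiguous abbreviation than to guess which option the parser will resolve it to.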