From: Junio C Hamano <gitster@pobox.com>
To: "René Scharfe" <l.s.r@web.de>
Cc: Git List <git@vger.kernel.org>,
	 Chandra Pratap <chandrapratap376@gmail.com>,
	 Chandra Pratap <chandrapratap3519@gmail.com>,
	 Jeff King <peff@peff.net>,
	 Kyle Lippincott <spectral@google.com>,
	 John Cai <johncai86@gmail.com>
Subject: Re: [PATCH 2/2] receive-pack: use find_commit_header() in check_nonce()
Date: Fri, 09 Feb 2024 14:18:22 -0800
Message-ID: <xmqqmss9cmdt.fsf@gitster.g>
In-Reply-To: <8b350cae-2180-4ac7-a911-d40043576445@web.de> ("René Scharfe"'s message of "Fri, 9 Feb 2024 21:41:47 +0100")

René Scharfe <l.s.r@web.de> writes:

> @@ -620,17 +605,18 @@ static int constant_memequal(const char *a, const char *b, size_t n)
>  	for (i = 0; i < n; i++)
>  		res |= a[i] ^ b[i];
>  	return res;
>  }
>
> -static const char *check_nonce(const char *buf, size_t len)
> +static const char *check_nonce(const char *buf)
>  {
> -	char *nonce = find_header(buf, len, "nonce", NULL);
> +	size_t noncelen;
> +	const char *found = find_commit_header(buf, "nonce", &noncelen);
> +	char *nonce = found ? xmemdupz(found, noncelen) : NULL;

OK, the changes to this function are all quite trivially correct.

>  	timestamp_t stamp, ostamp;
>  	char *bohmac, *expect = NULL;
>  	const char *retval = NONCE_BAD;
> -	size_t noncelen;
>
>  	if (!nonce) {
>  		retval = NONCE_MISSING;
>  		goto leave;
>  	} else if (!push_cert_nonce) {
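
Review bot: check_nonce() loses its len parameter at the top of this hunk, so buf must now be NUL-terminated for find_commit_header() to know where to stop, and nothing at the definition says so. A one-line comment above the function stating that buf is the NUL-terminated signed payload would keep a future caller from passing a counted buffer such as push_cert.buf. Note also that noncelen is only meaningful when found is non-NULL; that holds as long as every use stays behind the `if (!nonce)` exit shown in the context lines.
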
> @@ -668,11 +654,10 @@ static const char *check_nonce(const char *buf, size_t len)
>  	if (bohmac == nonce || bohmac[0] != '-') {
>  		retval = NONCE_BAD;
>  		goto leave;
>  	}
>
> -	noncelen = strlen(nonce);
>  	expect = prepare_push_cert_nonce(service_dir, stamp);
>  	if (noncelen != strlen(expect)) {
>  		/* This is not even the right size. */
>  		retval = NONCE_BAD;
>  		goto leave;
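
Review bot: with `noncelen = strlen(nonce);` removed, the `noncelen != strlen(expect)` size check now depends on the length find_commit_header() reported at the top of the function, far from this use. The two values agree because nonce is the xmemdupz(found, noncelen) copy of a range inside a NUL-terminated buffer, but the commit message should say so explicitly, since this comparison is what rejects a nonce that is "not even the right size".
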
> @@ -765,11 +750,11 @@ static void prepare_push_cert_sha1(struct child_process *proc)
>  		sigcheck.payload = xmemdupz(push_cert.buf, bogs);
>  		sigcheck.payload_len = bogs;
>  		check_signature(&sigcheck, push_cert.buf + bogs,
>  				push_cert.len - bogs);
>
> -		nonce_status = check_nonce(push_cert.buf, bogs);
> +		nonce_status = check_nonce(sigcheck.payload);

Hmph.  sigc->payload is used as a read-only member in
check_signature(), and the xmemdupz() copy we made earlier is
readily available as a replacement for the counted (push_cert.buf,
bogs) string.  Very nice finding.

>  	}
>  	if (!is_null_oid(&push_cert_oid)) {
>  		strvec_pushf(&proc->env, "GIT_PUSH_CERT=%s",
>  			     oid_to_hex(&push_cert_oid));
>  		strvec_pushf(&proc->env, "GIT_PUSH_CERT_SIGNER=%s",
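
Review bot: the new call `check_nonce(sigcheck.payload)` in prepare_push_cert_sha1() is bounded only by the NUL that xmemdupz(push_cert.buf, bogs) places at offset bogs, where the old call passed bogs explicitly. A short comment at the call site saying that payload is the copy cut at bogs would help, so that a later change to how sigcheck.payload is filled does not let the nonce lookup read past the signed part into the signature at push_cert.buf + bogs.
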
> --
> 2.43.0
