From: Dmitry Potapov <dpotapov@gmail.com>
To: Johannes Sixt <j.sixt@viscovery.net>
Cc: git@vger.kernel.org, Johannes Schindelin <Johannes.Schindelin@gmx.de>
Subject: [PATCH v2] Fix buffer overflow in prepare_attr_stack
Date: Wed, 16 Jul 2008 19:39:55 +0400 [thread overview]
Message-ID: <20080716153955.GE2925@dpotapov.dyndns.org> (raw)
In-Reply-To: <487E11F7.60601@viscovery.net>
If PATH_MAX on your system is smaller than a path stored in the git repo,
it may cause the buffer overflow in prepare_attr_stack.
Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
---
On Wed, Jul 16, 2008 at 05:21:27PM +0200, Johannes Sixt wrote:
> Dmitry Potapov schrieb:
> > + pathbuf.len = 0;
>
> + strbuf_reset(&pathbuf);
>
> -- Hannes
attr.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/attr.c b/attr.c
index 0fb47d3..17f6a4d 100644
--- a/attr.c
+++ b/attr.c
@@ -459,7 +459,9 @@ static void prepare_attr_stack(const char *path, int dirlen)
{
struct attr_stack *elem, *info;
int len;
- char pathbuf[PATH_MAX];
+ struct strbuf pathbuf;
+
+ strbuf_init(&pathbuf, dirlen+2+strlen(GITATTRIBUTES_FILE));
/*
* At the bottom of the attribute stack is the built-in
@@ -510,13 +512,14 @@ static void prepare_attr_stack(const char *path, int dirlen)
len = strlen(attr_stack->origin);
if (dirlen <= len)
break;
- memcpy(pathbuf, path, dirlen);
- memcpy(pathbuf + dirlen, "/", 2);
- cp = strchr(pathbuf + len + 1, '/');
+ strbuf_reset(&pathbuf);
+ strbuf_add(&pathbuf, path, dirlen);
+ strbuf_addch(&pathbuf, '/');
+ cp = strchr(pathbuf.buf + len + 1, '/');
strcpy(cp + 1, GITATTRIBUTES_FILE);
- elem = read_attr(pathbuf, 0);
+ elem = read_attr(pathbuf.buf, 0);
*cp = '\0';
- elem->origin = strdup(pathbuf);
+ elem->origin = strdup(pathbuf.buf);
elem->prev = attr_stack;
attr_stack = elem;
debug_push(elem);
--
1.5.6.3.3.geccd
next prev parent reply other threads:[~2008-07-16 15:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-16 10:15 [PATCH] Fix buffer overflow in git-grep Dmitry Potapov
2008-07-16 10:35 ` Johannes Schindelin
2008-07-16 11:54 ` Dmitry Potapov
2008-07-16 14:33 ` Dmitry Potapov
2008-07-16 14:47 ` Johannes Schindelin
2008-07-16 14:54 ` [PATCH] Fix buffer overflow in git diff Dmitry Potapov
2008-07-16 14:54 ` [PATCH] Fix buffer overflow in prepare_attr_stack Dmitry Potapov
2008-07-16 15:21 ` Johannes Sixt
2008-07-16 15:39 ` Dmitry Potapov [this message]
2008-07-16 15:33 ` [PATCH v2] Fix buffer overflow in git-grep Dmitry Potapov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080716153955.GE2925@dpotapov.dyndns.org \
--to=dpotapov@gmail.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=j.sixt@viscovery.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).