From: Jeff King <peff@peff.net>
To: Erik Faye-Lund <kusmabite@gmail.com>
Cc: git@vger.kernel.org, gitster@pobox.com, schwab@linux-m68k.org
Subject: Re: [PATCH v2 4/4] use wrapper for unchecked setenv/putenv calls
Date: Wed, 14 Dec 2011 13:16:58 -0500 [thread overview]
Message-ID: <20111214181658.GA1691@sigill.intra.peff.net> (raw)
In-Reply-To: <1323871631-2872-5-git-send-email-kusmabite@gmail.com>
On Wed, Dec 14, 2011 at 03:07:11PM +0100, Erik Faye-Lund wrote:
> This avoids us from accidentally dropping state, possibly leading
> to unexpected behaviour.
I do think this is fine in a "be extra cautious" kind of way.
> This is especially important on Windows, where the maximum size of
> the environment is 32 kB.
But does your patch actually detect that? As Andreas pointed out, these
limits don't typically come into play at setenv time. Instead, the
environment is allocated on the heap, and then the result is passed to
exec/spawn, which will fail.
So your patch is really detecting a failure to malloc, not an overflow
of the environment size, and Windows is just as (un)likely to run out of
heap as any other platform.
You can check how your platform behaves by applying this patch:
diff --git a/git.c b/git.c
index f10e434..57f6b12 100644
--- a/git.c
+++ b/git.c
@@ -223,6 +223,16 @@ static int handle_alias(int *argcp, const char ***argv)
alias_argv[i] = (*argv)[i];
alias_argv[argc] = NULL;
+ /* make gigantic environment */
+ {
+ int len = 256 * 1024;
+ char *buf = xmalloc(len);
+ memset(buf, 'z', len);
+ buf[len-1] = '\0';
+ if (setenv("FOO", buf, 1))
+ die("setenv failed");
+ }
+
ret = run_command_v_opt(alias_argv, RUN_USING_SHELL);
if (ret >= 0) /* normal exit */
exit(ret);
and then running:
git -c alias.foo='!echo ok' foo
which yields:
fatal: cannot exec 'echo ok': Argument list too long
on Linux.
-Peff
PS I tried to come up with an invocation of git that would demonstrate
this, but it turns out it's really hard. The contents of environment
variables we set are either constants, come from the environment (so
they can't be too big already!), or come from filesystem paths. So
it's possible to overflow now, but you have to have a nearly-full
environment in the first place, and then have a long path that tips
it over the limit.
next prev parent reply other threads:[~2011-12-14 18:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-14 14:07 [PATCH v2 0/4] setenv/putenv errors Erik Faye-Lund
2011-12-14 14:07 ` [PATCH v2 1/4] compat/setenv.c: update errno when erroring out Erik Faye-Lund
2011-12-14 14:07 ` [PATCH v2 2/4] compat/setenv.c: error if name contains '=' Erik Faye-Lund
2011-12-14 14:07 ` [PATCH v2 3/4] wrapper: supply xsetenv and xputenv Erik Faye-Lund
2011-12-15 17:38 ` Junio C Hamano
2011-12-15 18:25 ` Erik Faye-Lund
2011-12-14 14:07 ` [PATCH v2 4/4] use wrapper for unchecked setenv/putenv calls Erik Faye-Lund
2011-12-14 18:16 ` Jeff King [this message]
2011-12-15 18:04 ` Erik Faye-Lund
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111214181658.GA1691@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=kusmabite@gmail.com \
--cc=schwab@linux-m68k.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).