From: Jeff King <peff@peff.net>
To: git@vger.kernel.org
Subject: [PATCH 05/16] apply: use skip_prefix instead of raw addition
Date: Wed, 18 Jun 2014 15:45:34 -0400
Message-ID: <20140618194534.GE22622@sigill.intra.peff.net>
In-Reply-To: <20140618194117.GA22269@sigill.intra.peff.net>
A submodule diff generally has content like:
-Subproject commit [0-9a-f]{40}
+Subproject commit [0-9a-f]{40}
When we are using "git apply --index" with a submodule, we
first apply the textual diff, and then parse that result to
figure out the new sha1.
If the diff has bogus input like:
-Subproject commit 1234567890123456789012345678901234567890
+bogus
we will parse the "bogus" portion. Our parser assumes that
the buffer starts with "Subproject commit", and blindly
skips past it using strlen(). This can cause us to read
random memory after the buffer.
This problem was unlikely to have come up in practice (since
it requires a malformed diff), and even when it did, we
likely noticed the problem anyway as the next operation was
to call get_sha1_hex on the random memory.
However, we can easily fix it by using skip_prefix to notice
the parsing error.
Signed-off-by: Jeff King <peff@peff.net>
---
builtin/apply.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/builtin/apply.c b/builtin/apply.c
index 9c5724e..bc924ab 100644
--- a/builtin/apply.c
+++ b/builtin/apply.c
@@ -3847,9 +3847,10 @@ static void add_index_file(const char *path, unsigned mode, void *buf, unsigned
ce->ce_flags = create_ce_flags(0);
ce->ce_namelen = namelen;
if (S_ISGITLINK(mode)) {
- const char *s = buf;
+ const char *s;
- if (get_sha1_hex(s + strlen("Subproject commit "), ce->sha1))
+ if (!skip_prefix(buf, "Subproject commit ", &s) ||
+ get_sha1_hex(s, ce->sha1))
die(_("corrupt patch for submodule %s"), path);
} else {
if (!cached) {
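Review bot: with `s` now declared without an initializer on the `+ const char *s;` line, the absence of an uninitialized read rests entirely on the `||` short-circuit in `if (!skip_prefix(buf, "Subproject commit ", &s) || get_sha1_hex(s, ce->sha1))`: get_sha1_hex() is only reached after skip_prefix() returned true and set `s`, so the order of the two operands must not be swapped if this condition is ever reworked. The merged condition also routes the new missing-prefix case to the existing `die(_("corrupt patch for submodule %s"), path)`, which matches the commit message's intent of reporting a parse error rather than reading past the buffer; a one-line comment above the `if` noting that the prefix check guards `s` would make that dependency obvious to the next reader.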
--
2.0.0.566.gfe3e6b2
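As an added example (not part of this patch or of git's own code), the two parsing patterns side by side: the blind strlen() skip the commit message describes and the skip_prefix()-guarded form, using small stand-ins for git's skip_prefix() and get_sha1_hex(). The probe() helper is a constructed test fixture: it plants 40 hex digits after a short string so that the stale bytes beyond "bogus" happen to look like a sha1, the case in which the old code would silently accept a malformed diff rather than fail on the next step.

```c
#include <ctype.h>
#include <string.h>
#define SHA1_HEX_LEN 40
/* Stand-in for git's skip_prefix() after this series' refactor: returns 1 and
 * sets *out to the text after prefix, or returns 0 and leaves *out untouched. */
static int skip_prefix(const char *str, const char *prefix, const char **out)
{
	size_t len = strlen(prefix);
	if (strncmp(str, prefix, len) != 0)
		return 0;
	*out = str + len;
	return 1;
}
/* Stand-in for get_sha1_hex(): 0 on 40 hex digits (copied, NUL-terminated), else -1. */
static int get_sha1_hex(const char *s, char *hex)
{
	for (int i = 0; i < SHA1_HEX_LEN; i++) {
		if (!isxdigit((unsigned char)s[i]))
			return -1;
		hex[i] = (char)tolower((unsigned char)s[i]);
	}
	hex[SHA1_HEX_LEN] = '\0';
	return 0;
}
/* Before the patch: skips 18 bytes blindly, so a short buf is read past its end. */
static int parse_gitlink_before(const char *buf, char *hex)
{
	return get_sha1_hex(buf + strlen("Subproject commit "), hex);
}

/* After the patch: a missing prefix becomes a parse error instead of an overread. */
static int parse_gitlink_after(const char *buf, char *hex)
{
	const char *s;
	if (!skip_prefix(buf, "Subproject commit ", &s))
		return -1;
	return get_sha1_hex(s, hex);
}

/* Constructed probe: text goes into a zeroed 64-byte buffer with 40 hex digits
 * planted at offset 18 to stand in for stale memory beyond a short string. */
static int probe(const char *text, int checked)
{
	char buf[64] = {0}, hex[SHA1_HEX_LEN + 1];
	if (strlen(text) >= sizeof(buf))
		return -1;
	memcpy(buf + 18, "0123456789abcdef0123456789abcdef01234567", SHA1_HEX_LEN);
	memcpy(buf, text, strlen(text));
	return checked ? parse_gitlink_after(buf, hex) : parse_gitlink_before(buf, hex);
}
```

probe("bogus", 0) returns 0 because the old pattern parses the planted bytes as a valid sha1, while probe("bogus", 1) returns -1; both patterns return 0 on a well-formed "Subproject commit <40 hex>" line.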