Re: [PATCH] pkt-line: don't check string length in packet_length()

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Junio C Hamano <gitster@pobox.com>
To: "René Scharfe" <l.s.r@web.de>
Cc: Git List <git@vger.kernel.org>
Subject: Re: [PATCH] pkt-line: don't check string length in packet_length()
Date: Wed, 05 Jul 2023 13:33:11 -0700	[thread overview]
Message-ID: <xmqq4jmiyu7s.fsf@gitster.g> (raw)
In-Reply-To: <32f41065-a78c-aa60-0d78-4dbfa8827b1a@web.de> ("René Scharfe"'s message of "Wed, 5 Jul 2023 18:15:56 +0200")

René Scharfe <l.s.r@web.de> writes:

>> I do like the resulting code, but I feel a bit uneasy to sell this
>> change as "the code becomes more streamlined without losing safety".
>> It looks more like "this change is safe for our two callers; those
>> adding more callers in the future are better be very careful", no?
>
> With no way to enforce passing an array of a certain size to a function
> the only safe options I see are keeping the length check, using a macro
> or inlining the calculation.  Hmm.

We keep repeating "length check" because that is what the comment in
the function says, but even if the caller has 4-byte, that 4-byte
substring at the beginning is what it read from the untrusted side
over the network.  We should be checking if we have 4 hexadecimal
length even if we are not running beyond the end of the buffer, no?

So it may be that the comment needs to be fixed more than the code.

Thanks.

next prev parent reply	other threads:[~2023-07-05 20:33 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-01  7:05 [PATCH] pkt-line: don't check string length in packet_length() René Scharfe
2023-07-05  5:56 ` Junio C Hamano
2023-07-05 16:15   ` René Scharfe
2023-07-05 20:33     ` Junio C Hamano [this message]
2023-07-05 21:11       ` René Scharfe
2023-07-05 22:27         ` Junio C Hamano
2023-07-06  5:07           ` René Scharfe
2023-07-07 21:47 ` [PATCH v2] pkt-line: add size parameter to packet_length() René Scharfe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqq4jmiyu7s.fsf@gitster.g \
    --to=gitster@pobox.com \
    --cc=git@vger.kernel.org \
    --cc=l.s.r@web.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).