diff options
| author | Jeff King <peff@peff.net> | 2015-08-19 14:12:45 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2015-09-04 09:36:51 -0700 |
| commit | 5015f01c12a45a1042c1aa6b6f7f6b62bfa00ade (patch) | |
| tree | 755efbbdd95dc999a763d163d4627570a678f7b1 | |
| parent | c29edfefb6f6a3fef80172c16bcc34c826d417b0 (diff) | |
| download | git-5015f01c12a45a1042c1aa6b6f7f6b62bfa00ade.tar.gz | |
read_info_alternates: handle paths larger than PATH_MAX
This function assumes that the relative_base path passed
into it is no larger than PATH_MAX, and writes into a
fixed-size buffer. However, this path may not have actually
come from the filesystem; for example, add_submodule_odb
generates a path using a strbuf and passes it in. This is
hard to trigger in practice, though, because the long
submodule directory would have to exist on disk before we
would try to open its info/alternates file.
We can easily avoid the bug, though, by simply creating the
filename on the heap.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | sha1_file.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/sha1_file.c b/sha1_file.c index d7f1838c13..b231b62784 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -377,15 +377,12 @@ void read_info_alternates(const char * relative_base, int depth) char *map; size_t mapsz; struct stat st; - const char alt_file_name[] = "info/alternates"; - /* Given that relative_base is no longer than PATH_MAX, - ensure that "path" has enough space to append "/", the - file name, "info/alternates", and a trailing NUL. */ - char path[PATH_MAX + 1 + sizeof alt_file_name]; + char *path; int fd; - sprintf(path, "%s/%s", relative_base, alt_file_name); + path = xstrfmt("%s/info/alternates", relative_base); fd = git_open_noatime(path); + free(path); if (fd < 0) return; if (fstat(fd, &st) || (st.st_size == 0)) { |