authorJunio C Hamano <junkio@cox.net>2005-10-02 17:29:21 -0700
committerJunio C Hamano <junkio@cox.net>2005-10-02 17:29:21 -0700
commitc807f771947de65dceb22960d1a093d702f42105 (patch)
treec719f13a676484600e41e99f30087498ccd6725b
parent91dd674e30ba0298e89c9be2657024805170c2ac (diff)
downloadgit-c807f771947de65dceb22960d1a093d702f42105.tar.gz
Fix minor DOS in rev-list.
A carefully crafted pathname can be used to disrupt downstream git-pack-objects that uses 'git-rev-list --objects' output. Prevent this. Signed-off-by: Junio C Hamano <junkio@cox.net>
-rw-r--r--rev-list.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/rev-list.c b/rev-list.c
index 523fda07e1..5ec9ccb603 100644
--- a/rev-list.c
+++ b/rev-list.c
@@ -194,7 +194,17 @@ static void show_commit_list(struct commit_list *list)
die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name);
}
while (objects) {
- printf("%s %s\n", sha1_to_hex(objects->item->sha1), objects->name);
+ /* An object with name "foo\n0000000000000000000000000000000000000000"
+ * can be used confuse downstream git-pack-objects very badly.
+ */
+ const char *ep = strchr(objects->name, '\n');
+ if (ep) {
+ printf("%s %.*s\n", sha1_to_hex(objects->item->sha1),
+ (int) (ep - objects->name),
+ objects->name);
+ }
+ else
+ printf("%s %s\n", sha1_to_hex(objects->item->sha1), objects->name);
objects = objects->next;
}
}
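Review bot: The newline check in the `while (objects)` loop protects only this producer: the diffstat lists rev-list.c as the sole file changed, so git-pack-objects presumably still trusts the line structure of its input, and any other program feeding it would bypass the check. Validating the line format in the consumer as well would close that gap. The comment should also state that the cut is deliberate, e.g. `/* Cut the name at the first LF so each object is exactly one output line; the name is truncated, not escaped. */`; the existing comment reads "can be used confuse", which is missing a "to". The two `printf` branches can be folded into one by computing `int len = ep ? (int)(ep - objects->name) : (int)strlen(objects->name);` and then calling `printf("%s %.*s\n", sha1_to_hex(objects->item->sha1), len, objects->name);` once. The body of show_commit_list starts outside the hunk.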