diff options
| author | Johannes Sixt <johannes.sixt@telecom.at> | 2008-09-22 13:03:25 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2008-09-22 09:35:58 -0700 |
| commit | 79bbc7fb078f8cabe04020c4619be9b571371398 (patch) | |
| tree | bacda71c02d7e42cc96d2a3f1704b988f9cbaef7 /builtin-remote.c | |
| parent | cc185a6a8ac24737a26ec4b40cc401c2db8b2e97 (diff) | |
| download | git-79bbc7fb078f8cabe04020c4619be9b571371398.tar.gz | |
git-remote: do not use user input in a printf format string
'git remote show' substituted the remote name into a string that was later
used as a printf format string. If a remote name contains a printf format
specifier like this:
$ git remote add foo%sbar .
then the command
$ git remote show foo%sbar
would print garbage (if you are lucky) or crash. This fixes it.
Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin-remote.c')
| -rw-r--r-- | builtin-remote.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/builtin-remote.c b/builtin-remote.c index 01945a8651..4cb763f989 100644 --- a/builtin-remote.c +++ b/builtin-remote.c @@ -407,14 +407,15 @@ static int rm(int argc, const char **argv) return i; } -static void show_list(const char *title, struct string_list *list) +static void show_list(const char *title, struct string_list *list, + const char *extra_arg) { int i; if (!list->nr) return; - printf(title, list->nr > 1 ? "es" : ""); + printf(title, list->nr > 1 ? "es" : "", extra_arg); printf("\n "); for (i = 0; i < list->nr; i++) printf("%s%s", i ? " " : "", list->items[i].string); @@ -477,7 +478,6 @@ static int show(int argc, const char **argv) memset(&states, 0, sizeof(states)); for (; argc; argc--, argv++) { - struct strbuf buf; int i; get_remote_ref_states(*argv, &states, !no_query); @@ -503,18 +503,16 @@ static int show(int argc, const char **argv) } if (!no_query) { - strbuf_init(&buf, 0); - strbuf_addf(&buf, " New remote branch%%s (next fetch " - "will store in remotes/%s)", states.remote->name); - show_list(buf.buf, &states.new); - strbuf_release(&buf); + show_list(" New remote branch%s (next fetch " + "will store in remotes/%s)", + &states.new, states.remote->name); show_list(" Stale tracking branch%s (use 'git remote " - "prune')", &states.stale); + "prune')", &states.stale, ""); } if (no_query) for_each_ref(append_ref_to_tracked_list, &states); - show_list(" Tracked remote branch%s", &states.tracked); + show_list(" Tracked remote branch%s", &states.tracked, ""); if (states.remote->push_refspec_nr) { printf(" Local branch%s pushed with 'git push'\n ", |