From 0c3db67cc8137cebea5b1a9c3c7fc379ef8ffda6 Mon Sep 17 00:00:00 2001 From: Eric Sunshine Date: Mon, 4 May 2015 03:25:15 -0400 Subject: hash-object --literally: fix buffer overrun with extra-long object type "hash-object" learned in 5ba9a93 (hash-object: add --literally option, 2014-09-11) to allow crafting a corrupt/broken object of unknown type. When the user-provided type is particularly long, however, it can overflow the relatively small stack-based character array handed to write_sha1_file_prepare() by hash_sha1_file() and write_sha1_file(), leading to stack corruption (and crash). Introduce a custom helper to allow arbitrarily long typenames just for "hash-object --literally". [jc: Eric's original used a strbuf in the more common codepaths, and I rewrote it to avoid penalizing the non-literally code. Bugs are mine] Signed-off-by: Eric Sunshine Signed-off-by: Junio C Hamano --- cache.h | 1 + 1 file changed, 1 insertion(+) (limited to 'cache.h') diff --git a/cache.h b/cache.h index dfa1a5696d..e037cadf4c 100644 --- a/cache.h +++ b/cache.h @@ -888,6 +888,7 @@ static inline const unsigned char *lookup_replace_object_extended(const unsigned extern int sha1_object_info(const unsigned char *, unsigned long *); extern int hash_sha1_file(const void *buf, unsigned long len, const char *type, unsigned char *sha1); extern int write_sha1_file(const void *buf, unsigned long len, const char *type, unsigned char *return_sha1); +extern int hash_sha1_file_literally(const void *buf, unsigned long len, const char *type, unsigned char *sha1, unsigned flags); extern int pretend_sha1_file(void *, unsigned long, enum object_type, unsigned char *); extern int force_object_loose(const unsigned char *sha1, time_t mtime); extern int git_open_noatime(const char *name); -- cgit v1.2.1