On Tue, Jun 18, 2013 at 07:43:49PM -0700, Brandon Casey wrote:

> From: Brandon Casey <draf...@gmail.com>
>
> Curl older than 7.17 (RHEL 4.X provides 7.12 and RHEL 5.X provides
> 7.15) requires that we manage any strings that we pass to it as
> pointers.  So, we really shouldn't be modifying this strbuf after we
> have passed it to curl.
>
> Our interaction with curl is currently safe (before or after this
> patch) since the pointer that is passed to curl is never invalidated;
> it is repeatedly rewritten with the same sequence of characters but
> the strbuf functions never need to allocate a larger string, so the
> same memory buffer is reused.
>
> This "guarantee" of safety is somewhat subtle and could be overlooked
> by someone who may want to add a more complex handling of the username
> and password.  So, let's stop modifying this strbuf after we have
> passed it to curl, but also leave a note to describe the assumptions
> that have been made about username/password lifetime and to draw
> attention to the code.


Acked-by: Jeff King <p...@peff.net>
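
The lifetime assumption described in the quoted commit message, as an added example that is not part of the original thread or of git's code: `struct buf`, `struct handle`, `handle_set_userpwd` and the credential strings are hypothetical stand-ins for strbuf and for a library that stores the caller's pointer without copying. A generation counter records when the buffer's storage moves, so the check never has to dereference a stale pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a growable string buffer such as strbuf. */
struct buf { char *p; size_t alloc; unsigned gen; };

/* Overwrite contents; gen is bumped whenever the storage has to move. */
static void buf_set(struct buf *b, const char *s)
{
	size_t need = strlen(s) + 1;
	if (need > b->alloc) {
		char *np = malloc(need);
		if (!np)
			abort();
		free(b->p); /* pointers handed out earlier now dangle */
		b->p = np;
		b->alloc = need;
		b->gen++;
	}
	memcpy(b->p, s, need);
}

/* Hypothetical library handle that keeps the caller's pointer, no copy. */
struct handle { const char *userpwd; unsigned gen_seen; };

static void handle_set_userpwd(struct handle *h, const struct buf *b)
{
	h->userpwd = b->p;
	h->gen_seen = b->gen;
}

/* Bit 0: pointer valid after same-size rewrite. Bit 1: valid after growth. */
int demo(void)
{
	struct buf b = { NULL, 0, 0 };
	struct handle h;
	int r;

	buf_set(&b, "alice:secret");               /* constructed sample */
	handle_set_userpwd(&h, &b);
	buf_set(&b, "alice:secret");               /* same bytes, storage reused */
	r = (h.gen_seen == b.gen);
	buf_set(&b, "alice:a-much-longer-secret"); /* storage must grow */
	r |= (h.gen_seen == b.gen) << 1;
	free(b.p);
	return r;
}

int main(void) { printf("%d\n", demo()); return 0; }
```
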
