On Mon, Oct 21, 2013 at 09:07:26PM +0200, Erik Faye-Lund wrote:

> I would argue that this is probably even a bug on Linux, only harder
> (if not impossible) to trigger by accident as there's probably no
> git-client that will generate such trees. But a "malicious" client
> might.

I've just been poking through the impacts of these overflows, for that
exact reason. I don't think any of them are easily triggerable by
somebody sending you a malicious tree (e.g., the `remove_subtree` one
only triggers when we have seen that tree in the filesystem, so it must
be limited to `PATH_MAX`). Some of them are triggerable if you use
particular options (e.g., the one in `match_order` is easy to trigger if
you use `diff -O`).

Still, they should all be fixed, even for Linux. I shouldn't have to
trace the provenance of the data back through 10 functions just to find
out a buffer overflow isn't easily exploitable. :)

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to