Re: [PATCH v2 3/6] Make sure fsck_commit_buffer() does not run out of the buffer

Wed, 10 Sep 2014 13:46:00 -0700 

On Wed, Sep 10, 2014 at 9:52 AM, Johannes Schindelin
<[email protected]> wrote:
> So far, we assumed that the buffer is NUL terminated, but this is not
> a safe assumption, now that we opened the fsck_object() API to pass a
> buffer directly.
>
> So let's make sure that there is at least an empty line in the buffer.
> That way, our checks would fail if the empty line was encountered
> prematurely, and consequently we can get away with the current string
> comparisons even with non-NUL-terminated buffers are passed to
> fsck_object().
>
> Signed-off-by: Johannes Schindelin <[email protected]>
> ---
>  fsck.c | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
>
> diff --git a/fsck.c b/fsck.c
> index dd77628..9dd7d12 100644
> --- a/fsck.c
> +++ b/fsck.c
> @@ -237,6 +237,26 @@ static int fsck_tree(struct tree *item, int strict, 
> fsck_error error_func)
>         return retval;
>  }
>
> +static int require_end_of_header(const void *data, unsigned long size,
> +       struct object *obj, fsck_error error_func)
> +{
> +       const char *buffer = (const char *)data;
> +       int i;
> +
> +       for (i = 0; i < size; i++) {

Should 'i' have type 'unsigned long', rather than 'int', to be
consistent with the type of 'size'?

> +               switch (buffer[i]) {
> +               case '\0':
> +                       return error_func(obj, FSCK_ERROR,
> +                               "invalid message: NUL at offset %d", i);
> +               case '\n':
> +                       if (i + 1 < size && buffer[i + 1] == '\n')
> +                               return 0;
> +               }
> +       }
> +
> +       return error_func(obj, FSCK_ERROR, "invalid buffer: missing empty 
> line");
> +}
> +
>  static int fsck_ident(const char **ident, struct object *obj, fsck_error 
> error_func)
>  {
>         char *end;
> @@ -284,6 +304,9 @@ static int fsck_commit_buffer(struct commit *commit, 
> const char *buffer,
>         unsigned parent_count, parent_line_count = 0;
>         int err;
>
> +       if (require_end_of_header(buffer, size, &commit->object, error_func))
> +               return -1;
> +
>         if (!skip_prefix(buffer, "tree ", &buffer))
>                 return error_func(&commit->object, FSCK_ERROR, "invalid 
> format - expected 'tree' line");
>         if (get_sha1_hex(buffer, tree_sha1) || buffer[40] != '\n')
> --
> 2.0.0.rc3.9669.g840d1f9
>
> --
> To unsubscribe from this list: send the line "unsubscribe git" in
> the body of a message to [email protected]
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to