Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

On Wed, Oct 23, 2013 at 2:55 PM, Nguyễn Thái Ngọc Duy pclo...@gmail.com wrote: The old code does not do boundary check so any paths longer than PATH_MAX can cause buffer overflow. Replace it with strbuf to handle paths of arbitrary length. Signed-off-by: Nguyễn Thái Ngọc Duy pclo...@gmail.com

Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

On Wed, Oct 23, 2013 at 7:58 PM, Antoine Pelisse apeli...@gmail.com wrote: diff --git a/entry.c b/entry.c index acc892f..d955af5 100644 --- a/entry.c +++ b/entry.c @@ -237,16 +237,18 @@ static int check_path(const char *path, int len, struct stat *st, int skiplen) int

Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

On Wed, Oct 23, 2013 at 3:04 PM, Duy Nguyen pclo...@gmail.com wrote: On Wed, Oct 23, 2013 at 7:58 PM, Antoine Pelisse apeli...@gmail.com wrote: diff --git a/entry.c b/entry.c index acc892f..d955af5 100644 --- a/entry.c +++ b/entry.c @@ -237,16 +237,18 @@ static int check_path(const char

Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

On Wed, Oct 23, 2013 at 07:55:06PM +0700, Nguyen Thai Ngoc Duy wrote: The old code does not do boundary check so any paths longer than PATH_MAX can cause buffer overflow. Replace it with strbuf to handle paths of arbitrary length. I think this is a reasonable solution. If we have such a long

Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

On Wed, Oct 23, 2013 at 7:29 PM, Jeff King p...@peff.net wrote: On Wed, Oct 23, 2013 at 07:55:06PM +0700, Nguyen Thai Ngoc Duy wrote: The old code does not do boundary check so any paths longer than PATH_MAX can cause buffer overflow. Replace it with strbuf to handle paths of arbitrary

Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

On Wed, Oct 23, 2013 at 07:34:18PM +0200, Erik Faye-Lund wrote: - memcpy(path, state-base_dir, len); - strcpy(path + len, ce-name); - len += ce_namelen(ce); + strbuf_reset(path_buf); + strbuf_addf(path_buf, %.*s%s, state-base_dir_len, state-base_dir, ce-name); +

Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

Jeff King p...@peff.net writes: On Wed, Oct 23, 2013 at 07:55:06PM +0700, Nguyen Thai Ngoc Duy wrote: ... -memcpy(path, state-base_dir, len); -strcpy(path + len, ce-name); -len += ce_namelen(ce); +strbuf_reset(path_buf); +strbuf_addf(path_buf, %.*s%s,

Re: [PATCH 1/2] entry.c: convert checkout_entry to use strbuf

On Wed, Oct 23, 2013 at 11:09:27AM -0700, Junio C Hamano wrote: This is not something you introduced, but while we are here, you may want to use ce-namelen, which would be a little faster than treating it as a string (especially for strbuf, as it can then know up front how big the size