| commit | c29edfefb6f6a3fef80172c16bcc34c826d417b0 | |
| author | Jeff King <peff@peff.net> | |
| Wed, 19 Aug 2015 18:12:41 +0000 (19 14:12 -0400) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Fri, 4 Sep 2015 16:36:28 +0000 (4 09:36 -0700) | ||
| tree | 8441a329d59f164aa75f5f3752c420e459a7048b | treesnapshot (tar.gz zip) |
| parent | f514ef9787f320287d7ba71f2965127b9d8b3832 | commitdiff |
notes: use a strbuf in add_non_note
When we are loading a notes tree into our internal hash
table, we also collect any files that are clearly non-notes.
We format the name of the file into a PATH_MAX buffer, but
unlike true notes (which cannot be larger than a fanned-out
sha1 hash), these tree entries can be arbitrarily long,
overflowing our buffer.
We can fix this by switching to a strbuf. It doesn't even
cost us an extra allocation, as we can simply hand ownership
of the buffer over to the non-note struct.
This is of moderate security interest, as you might fetch
notes trees from an untrusted remote. However, we do not do
so by default, so you would have to manually fetch into the
notes namespace.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When we are loading a notes tree into our internal hash
table, we also collect any files that are clearly non-notes.
We format the name of the file into a PATH_MAX buffer, but
unlike true notes (which cannot be larger than a fanned-out
sha1 hash), these tree entries can be arbitrarily long,
overflowing our buffer.
We can fix this by switching to a strbuf. It doesn't even
cost us an extra allocation, as we can simply hand ownership
of the buffer over to the non-note struct.
This is of moderate security interest, as you might fetch
notes trees from an untrusted remote. However, we do not do
so by default, so you would have to manually fetch into the
notes namespace.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| notes.c | diffblobblamehistory |