microsoft
/
git
зеркало из https://github.com/microsoft/git.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

entry.c: fix possible buffer overflow in remove_subtree() 

remove_subtree() manipulated path in a fixed-size buffer even though
the length of the input, let alone the length of entries within the
directory, were not known in advance.  Change the function to take a
strbuf argument and use that object as its scratch space.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Michael Haggerty 2014-03-13 10:19:08 +01:00 коммит произвёл Junio C Hamano
Родитель f63272a35e
Коммит 2f29e0c6fa
1 изменённых файлов: 17 добавлений и 17 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

34
entry.c
Просмотреть файл

@ -44,33 +44,33 @@ static void create_directories(const char *path, int path_len,
free(buf); free(buf);
} }
static void remove_subtree(const char *path) static void remove_subtree(struct strbuf *path)
{ {
DIR *dir = opendir(path); DIR *dir = opendir(path->buf);
struct dirent *de; struct dirent *de;
char pathbuf[PATH_MAX]; int origlen = path->len;
char *name;
if (!dir) if (!dir)
die_errno("cannot opendir '%s'", path); die_errno("cannot opendir '%s'", path->buf);
strcpy(pathbuf, path);
name = pathbuf + strlen(path);
*name++ = '/';
while ((de = readdir(dir)) != NULL) { while ((de = readdir(dir)) != NULL) {
struct stat st; struct stat st;
if (is_dot_or_dotdot(de->d_name)) if (is_dot_or_dotdot(de->d_name))
continue; continue;
strcpy(name, de->d_name);
if (lstat(pathbuf, &st)) strbuf_addch(path, '/');
die_errno("cannot lstat '%s'", pathbuf); strbuf_addstr(path, de->d_name);
if (lstat(path->buf, &st))
die_errno("cannot lstat '%s'", path->buf);
if (S_ISDIR(st.st_mode)) if (S_ISDIR(st.st_mode))
remove_subtree(pathbuf); remove_subtree(path);
else if (unlink(pathbuf)) else if (unlink(path->buf))
die_errno("cannot unlink '%s'", pathbuf); die_errno("cannot unlink '%s'", path->buf);
strbuf_setlen(path, origlen);
} }
closedir(dir); closedir(dir);
if (rmdir(path)) if (rmdir(path->buf))
die_errno("cannot rmdir '%s'", path); die_errno("cannot rmdir '%s'", path->buf);
} }
static int create_file(const char *path, unsigned int mode) static int create_file(const char *path, unsigned int mode)
@ -271,7 +271,7 @@ int checkout_entry(struct cache_entry *ce,
return 0; return 0;
if (!state->force) if (!state->force)
return error("%s is a directory", path.buf); return error("%s is a directory", path.buf);
remove_subtree(path.buf); remove_subtree(&path);
} else if (unlink(path.buf)) } else if (unlink(path.buf))
return error("unable to unlink old '%s' (%s)", return error("unable to unlink old '%s' (%s)",
path.buf, strerror(errno)); path.buf, strerror(errno));