mirror of https://github.com/microsoft/git.git
blame: don't overflow time buffer
When showing the raw timestamp, we format the numeric seconds-since-epoch into a buffer, followed by the timezone string. This string has come straight from the commit object. A well-formed object should have a timezone string of only a few bytes, but we could be operating on data pushed by a malicious user.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Parent
c2857fb8b7
Commit
c3ea051544
|
@ -1598,7 +1598,7 @@ static const char *format_time(unsigned long time, const char *tz_str,
|
||||||
int tz;
|
int tz;
|
||||||
|
|
||||||
if (show_raw_time) {
|
if (show_raw_time) {
|
||||||
sprintf(time_buf, "%lu %s", time, tz_str);
|
snprintf(time_buf, sizeof(time_buf), "%lu %s", time, tz_str);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
tz = atoi(tz_str);
|
tz = atoi(tz_str);
|
||||||
|
|
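Review bot: The return value of snprintf on the show_raw_time branch is discarded, so an oversized tz_str is now truncated silently and the raw output carries a clipped timezone with no sign that the commit header was malformed. Consider comparing the result against sizeof(time_buf) and handling the overlong case explicitly, or formatting into a growable buffer instead. Also, sizeof(time_buf) is the right bound only if time_buf is an array declared in this scope; its declaration is outside the visible context, so confirm it is not a pointer. The else branch still passes the same untrusted tz_str to atoi, which performs no validation of its input.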