зеркало из https://github.com/microsoft/git.git
verify_absent: allow filenames longer than PATH_MAX
When unpack-trees wants to know whether a path will overwrite anything in the working tree, we use lstat() to see if there is anything there. But if we are going to write "foo/bar", we can't just lstat("foo/bar"); we need to look for leading prefixes (e.g., "foo"). So we use the lstat cache to find the length of the leading prefix, and copy the filename up to that length into a temporary buffer (since the original name is const, we cannot just stick a NUL in it). The copy we make goes into a PATH_MAX-sized buffer, which will overflow if the prefix is longer than PATH_MAX. How this happens is a little tricky, since in theory PATH_MAX is the biggest path we will have read from the filesystem. But this can happen if: - the compiled-in PATH_MAX does not accurately reflect what the filesystem is capable of - the leading prefix is not _quite_ what is on disk; it contains the next element from the name we are checking. So if we want to write "aaa/bbb/ccc/ddd" and "aaa/bbb" exists, the prefix of interest is "aaa/bbb/ccc". If "aaa/bbb" approaches PATH_MAX, then "ccc" can overflow it. So this can be triggered, but it's hard to do. In particular, you cannot just "git clone" a bogus repo. The verify_absent checks happen before unpack-trees writes anything to the filesystem, so there are never any leading prefixes during the initial checkout, and the bug doesn't trigger. And by definition, these files are larger than PATH_MAX, so writing them will fail, and clone will complain (though it may write a partial path, which will cause a subsequent "git checkout" to hit the bug). We can fix it by creating the temporary path on the heap. The extra malloc overhead is not important, as we are already making at least one stat() call (and probably more for the prefix discovery). Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Родитель
fdf96a20ac
Коммит
f514ef9787
|
@ -1432,15 +1432,18 @@ static int verify_absent_1(const struct cache_entry *ce,
|
|||
if (!len)
|
||||
return 0;
|
||||
else if (len > 0) {
|
||||
char path[PATH_MAX + 1];
|
||||
memcpy(path, ce->name, len);
|
||||
path[len] = 0;
|
||||
if (lstat(path, &st))
|
||||
return error("cannot stat '%s': %s", path,
|
||||
strerror(errno));
|
||||
char *path;
|
||||
int ret;
|
||||
|
||||
return check_ok_to_remove(path, len, DT_UNKNOWN, NULL, &st,
|
||||
error_type, o);
|
||||
path = xmemdupz(ce->name, len);
|
||||
if (lstat(path, &st))
|
||||
ret = error("cannot stat '%s': %s", path,
|
||||
strerror(errno));
|
||||
else
|
||||
ret = check_ok_to_remove(path, len, DT_UNKNOWN, NULL,
|
||||
&st, error_type, o);
|
||||
free(path);
|
||||
return ret;
|
||||
} else if (lstat(ce->name, &st)) {
|
||||
if (errno != ENOENT)
|
||||
return error("cannot stat '%s': %s", ce->name,
|
||||
|
|
Загрузка…
Ссылка в новой задаче