diff options
| author | Ævar Arnfjörð Bjarmason <avarab@gmail.com> | 2021-10-01 09:16:50 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-10-01 22:06:00 (GMT) |
| commit | 5848fb11acd0b6aad6ba9e3e71bd91485e0d4c71 (patch) | |
| tree | 1a8828ad2e306599bd10a234c2edcb502cce75fc | |
| parent | 3b6a8db3b03adb118bfafb90bbc710068dbd6d14 (diff) | |
| download | git-5848fb11acd0b6aad6ba9e3e71bd91485e0d4c71.zip git-5848fb11acd0b6aad6ba9e3e71bd91485e0d4c71.tar.gz git-5848fb11acd0b6aad6ba9e3e71bd91485e0d4c71.tar.bz2 | |
object-file.c: return ULHR_TOO_LONG on "header too long"
Split up the return code for "header too long" from the generic
negative return value unpack_loose_header() returns, and report via
error() if we exceed MAX_HEADER_LEN.
As a test added earlier in this series in t1006-cat-file.sh shows
we'll correctly emit zlib errors from zlib.c already in this case, so
we have no need to carry those return codes further down the
stack. Let's instead just return ULHR_TOO_LONG saying we ran into the
MAX_HEADER_LEN limit, or other negative values for "unable to unpack
<OID> header".
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | cache.h | 5 | ||||
| -rw-r--r-- | object-file.c | 8 | ||||
| -rw-r--r-- | streaming.c | 1 | ||||
| -rwxr-xr-x | t/t1006-cat-file.sh | 4 |
4 files changed, 13 insertions, 5 deletions
@@ -1311,16 +1311,19 @@ int git_open_cloexec(const char *name, int flags); * * - ULHR_OK on success * - ULHR_BAD on error + * - ULHR_TOO_LONG if the header was too long * * It will only parse up to MAX_HEADER_LEN bytes unless an optional * "hdrbuf" argument is non-NULL. This is intended for use with * OBJECT_INFO_ALLOW_UNKNOWN_TYPE to extract the bad type for (error) * reporting. The full header will be extracted to "hdrbuf" for use - * with parse_loose_header(). + * with parse_loose_header(), ULHR_TOO_LONG will still be returned + * from this function to indicate that the header was too long. */ enum unpack_loose_header_result { ULHR_OK, ULHR_BAD, + ULHR_TOO_LONG, }; enum unpack_loose_header_result unpack_loose_header(git_zstream *stream, unsigned char *map, diff --git a/object-file.c b/object-file.c index ade5f33..8abeb9a 100644 --- a/object-file.c +++ b/object-file.c @@ -1245,7 +1245,7 @@ enum unpack_loose_header_result unpack_loose_header(git_zstream *stream, * --allow-unknown-type". */ if (!header) - return ULHR_BAD; + return ULHR_TOO_LONG; /* * buffer[0..bufsiz] was not large enough. Copy the partial @@ -1266,7 +1266,7 @@ enum unpack_loose_header_result unpack_loose_header(git_zstream *stream, stream->next_out = buffer; stream->avail_out = bufsiz; } while (status != Z_STREAM_END); - return ULHR_BAD; + return ULHR_TOO_LONG; } static void *unpack_loose_rest(git_zstream *stream, @@ -1439,6 +1439,10 @@ static int loose_object_info(struct repository *r, status = error(_("unable to unpack %s header"), oid_to_hex(oid)); break; + case ULHR_TOO_LONG: + status = error(_("header for %s too long, exceeds %d bytes"), + oid_to_hex(oid), MAX_HEADER_LEN); + break; } if (status < 0) { diff --git a/streaming.c b/streaming.c index 6df0247..bd89c50 100644 --- a/streaming.c +++ b/streaming.c @@ -235,6 +235,7 @@ static int open_istream_loose(struct git_istream *st, struct repository *r, case ULHR_OK: break; case ULHR_BAD: + case ULHR_TOO_LONG: goto error; } if (parse_loose_header(st->u.loose.hdr, &oi, 0) < 0) diff --git a/t/t1006-cat-file.sh b/t/t1006-cat-file.sh index c89483f..4b55adf 100755 --- a/t/t1006-cat-file.sh +++ b/t/t1006-cat-file.sh @@ -356,12 +356,12 @@ do if test "$arg2" = "-p" then cat >expect <<-EOF - error: unable to unpack $bogus_long_sha1 header + error: header for $bogus_long_sha1 too long, exceeds 32 bytes fatal: Not a valid object name $bogus_long_sha1 EOF else cat >expect <<-EOF - error: unable to unpack $bogus_long_sha1 header + error: header for $bogus_long_sha1 too long, exceeds 32 bytes fatal: git cat-file: could not get object info EOF fi && |