diff options
| author | Jeff King <peff@peff.net> | 2016-10-03 20:34:17 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2016-10-10 20:52:36 (GMT) |
| commit | 670c359da357639f9f9a814ed646b4d854ec5d55 (patch) | |
| tree | 033496a3a221c61b1aceaf76133110dd3d908518 /sha1_file.c | |
| parent | f0f86fa9f3e2c0199d492ce7779761f1b5470b65 (diff) | |
| download | git-670c359da357639f9f9a814ed646b4d854ec5d55.zip git-670c359da357639f9f9a814ed646b4d854ec5d55.tar.gz git-670c359da357639f9f9a814ed646b4d854ec5d55.tar.bz2 | |
link_alt_odb_entry: handle normalize_path errors
When we add a new alternate to the list, we try to normalize
out any redundant "..", etc. However, we do not look at the
return value of normalize_path_copy(), and will happily
continue with a path that could not be normalized. Worse,
the normalizing process is done in-place, so we are left
with whatever half-finished working state the normalizing
function was in.
Fortunately, this cannot cause us to read past the end of
our buffer, as that working state will always leave the
NUL from the original path in place. And we do tend to
notice problems when we check is_directory() on the path.
But you can see the nonsense that we feed to is_directory
with an entry like:
this/../../is/../../way/../../too/../../deep/../../to/../../resolve
in your objects/info/alternates, which yields:
error: object directory
/to/e/deep/too/way//ects/this/../../is/../../way/../../too/../../deep/../../to/../../resolve
does not exist; check .git/objects/info/alternates.
We can easily fix this just by checking the return value.
But that makes it hard to generate a good error message,
since we're normalizing in-place and our input value has
been overwritten by cruft.
Instead, let's provide a strbuf helper that does an in-place
normalize, but restores the original contents on error. This
uses a second buffer under the hood, which is slightly less
efficient, but this is not a performance-critical code path.
The strbuf helper can also properly set the "len" parameter
of the strbuf before returning. Just doing:
normalize_path_copy(buf.buf, buf.buf);
will shorten the string, but leave buf.len at the original
length. That may be confusing to later code which uses the
strbuf.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sha1_file.c')
| -rw-r--r-- | sha1_file.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/sha1_file.c b/sha1_file.c index 94daf31..057262d 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -263,7 +263,12 @@ static int link_alt_odb_entry(const char *entry, const char *relative_base, } strbuf_addstr(&pathbuf, entry); - normalize_path_copy(pathbuf.buf, pathbuf.buf); + if (strbuf_normalize_path(&pathbuf) < 0) { + error("unable to normalize alternate object path: %s", + pathbuf.buf); + strbuf_release(&pathbuf); + return -1; + } pfxlen = strlen(pathbuf.buf); @@ -335,7 +340,9 @@ static void link_alt_odb_entries(const char *alt, int len, int sep, } strbuf_add_absolute_path(&objdirbuf, get_object_directory()); - normalize_path_copy(objdirbuf.buf, objdirbuf.buf); + if (strbuf_normalize_path(&objdirbuf) < 0) + die("unable to normalize object directory: %s", + objdirbuf.buf); alt_copy = xmemdupz(alt, len); string_list_split_in_place(&entries, alt_copy, sep, -1); |