summaryrefslogtreecommitdiff
path: root/strbuf.c
diff options
context:
space:
mode:
authorRené Scharfe <l.s.r@web.de>2017-03-26 13:43:50 (GMT)
committerJunio C Hamano <gitster@pobox.com>2017-03-27 00:41:05 (GMT)
commita54e938e5b53c76ebcd5c068a4f74739c1c68bac (patch)
tree6b8e11ba8e28b219f741063c2b2c2dfa4c89e3be /strbuf.c
parent8f9aeb0d36c6cbfb849946bb272fa0d3c4611547 (diff)
downloadgit-a54e938e5b53c76ebcd5c068a4f74739c1c68bac.zip
git-a54e938e5b53c76ebcd5c068a4f74739c1c68bac.tar.gz
git-a54e938e5b53c76ebcd5c068a4f74739c1c68bac.tar.bz2
strbuf: support long paths w/o read rights in strbuf_getcwd() on FreeBSD
FreeBSD implements getcwd(3) as a syscall, but falls back to a version based on readdir(3) if it fails for some reason. The latter requires permissions to read and execute path components, while the former does not. That means that if our buffer is too small and we're missing rights we could get EACCES, but we may succeed with a bigger buffer. Keep retrying if getcwd(3) indicates lack of permissions until our buffer can fit PATH_MAX bytes, as that's the maximum supported by the syscall on FreeBSD anyway. This way we do what we can to be able to benefit from the syscall, but we also won't loop forever if there is a real permission issue. This fixes a regression introduced with 7333ed17 (setup: convert setup_git_directory_gently_1 et al. to strbuf, 2014-07-28) for paths longer than 127 bytes with components that miss read or execute permissions (e.g. 0711 on /home for privacy reasons); we used a fixed PATH_MAX-sized buffer before. Reported-by: Zenobiusz Kunegunda <zenobiusz.kunegunda@interia.pl> Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'strbuf.c')
-rw-r--r--strbuf.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/strbuf.c b/strbuf.c
index 8fec657..01d2594 100644
--- a/strbuf.c
+++ b/strbuf.c
@@ -449,6 +449,17 @@ int strbuf_getcwd(struct strbuf *sb)
strbuf_setlen(sb, strlen(sb->buf));
return 0;
}
+
+ /*
+ * If getcwd(3) is implemented as a syscall that falls
+ * back to a regular lookup using readdir(3) etc. then
+ * we may be able to avoid EACCES by providing enough
+ * space to the syscall as it's not necessarily bound
+ * to the same restrictions as the fallback.
+ */
+ if (errno == EACCES && guessed_len < PATH_MAX)
+ continue;
+
if (errno != ERANGE)
break;
}