diff options
author | Jeff King <peff@peff.net> | 2015-09-24 17:07:31 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-09-25 10:18:18 -0700 |
commit | 54ba4c5fa2d7de216ca090ac2e657728462c81d5 (patch) | |
tree | c76231dded57746aa6478fe63dd5d35b49707bd3 | |
parent | http-push: use strbuf instead of fwrite_buffer (diff) | |
download | tgif-54ba4c5fa2d7de216ca090ac2e657728462c81d5.tar.xz |
http-walker: store url in a strbuf
We do an unchecked sprintf directly into our url buffer.
This doesn't overflow because we know that it was sized for
"$base/objects/info/http-alternates", and we are writing
"$base/objects/info/alternates", which must be smaller. But
that is not immediately obvious to a reader who is looking
for buffer overflows. Let's switch to a strbuf, so that we
do not have to think about this issue at all.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | http-walker.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/http-walker.c b/http-walker.c index 88da5468e7..2c721f0c30 100644 --- a/http-walker.c +++ b/http-walker.c @@ -29,7 +29,7 @@ struct object_request { struct alternates_request { struct walker *walker; const char *base; - char *url; + struct strbuf *url; struct strbuf *buffer; struct active_request_slot *slot; int http_specific; @@ -195,10 +195,11 @@ static void process_alternates_response(void *callback_data) /* Try reusing the slot to get non-http alternates */ alt_req->http_specific = 0; - sprintf(alt_req->url, "%s/objects/info/alternates", - base); + strbuf_reset(alt_req->url); + strbuf_addf(alt_req->url, "%s/objects/info/alternates", + base); curl_easy_setopt(slot->curl, CURLOPT_URL, - alt_req->url); + alt_req->url->buf); active_requests++; slot->in_use = 1; if (slot->finished != NULL) @@ -312,7 +313,7 @@ static void process_alternates_response(void *callback_data) static void fetch_alternates(struct walker *walker, const char *base) { struct strbuf buffer = STRBUF_INIT; - char *url; + struct strbuf url = STRBUF_INIT; struct active_request_slot *slot; struct alternates_request alt_req; struct walker_data *cdata = walker->data; @@ -338,7 +339,7 @@ static void fetch_alternates(struct walker *walker, const char *base) if (walker->get_verbosely) fprintf(stderr, "Getting alternates list for %s\n", base); - url = xstrfmt("%s/objects/info/http-alternates", base); + strbuf_addf(&url, "%s/objects/info/http-alternates", base); /* * Use a callback to process the result, since another request @@ -351,10 +352,10 @@ static void fetch_alternates(struct walker *walker, const char *base) curl_easy_setopt(slot->curl, CURLOPT_FILE, &buffer); curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, fwrite_buffer); - curl_easy_setopt(slot->curl, CURLOPT_URL, url); + curl_easy_setopt(slot->curl, CURLOPT_URL, url.buf); alt_req.base = base; - alt_req.url = url; + alt_req.url = &url; alt_req.buffer = &buffer; alt_req.http_specific = 1; alt_req.slot = slot; @@ -365,7 +366,7 @@ static void fetch_alternates(struct walker *walker, const char *base) cdata->got_alternates = -1; strbuf_release(&buffer); - free(url); + strbuf_release(&url); } static int fetch_indices(struct walker *walker, struct alt_base *repo) |