author | Junio C Hamano <junkio@cox.net> | 2005-10-02 17:29:21 -0700 |
---|---|---|
committer | Junio C Hamano <junkio@cox.net> | 2005-10-02 17:29:21 -0700 |
commit | c807f771947de65dceb22960d1a093d702f42105 (patch) | |
tree | c719f13a676484600e41e99f30087498ccd6725b | |
parent | GIT 0.99.8 (diff) | |
Fix minor DOS in rev-list.
A carefully crafted pathname can be used to disrupt downstream git-pack-objects
that uses 'git-rev-list --objects' output. Prevent this.
Signed-off-by: Junio C Hamano <junkio@cox.net>
-rw-r--r-- | rev-list.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/rev-list.c b/rev-list.c
index 523fda07e1..5ec9ccb603 100644
--- a/rev-list.c
+++ b/rev-list.c
@@ -194,7 +194,17 @@ static void show_commit_list(struct commit_list *list)
 die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name);
 }
 while (objects) {
- printf("%s %s\n", sha1_to_hex(objects->item->sha1), objects->name);
+ /* An object with name "foo\n0000000000000000000000000000000000000000"
+ * can be used confuse downstream git-pack-objects very badly.
+ */
+ const char *ep = strchr(objects->name, '\n');
+ if (ep) {
+ printf("%s %.*s\n", sha1_to_hex(objects->item->sha1),
+ (int) (ep - objects->name),
+ objects->name);
+ }
+ else
+ printf("%s %s\n", sha1_to_hex(objects->item->sha1), objects->name);
 objects = objects->next;
 }
 } |
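Review bot: The new `if (ep)` branch in the `while (objects)` loop silently cuts the name at the first newline, so a path `foo\n...` is printed exactly like `foo`, and the comment does not say this loss is intended. I would reword the comment to state the invariant, e.g. `/* Output is one "<sha1> <name>" record per line; cut the name at the first LF so a pathname cannot inject a forged record. Truncation is deliberate and lossy. */`, which also fixes the "can be used confuse" typo. The two `printf` calls differ only in the length, so they could be merged into `int len = ep ? (int)(ep - objects->name) : (int)strlen(objects->name);` followed by the single `%.*s` call, leaving only one output format to audit. This guards the producer only; presumably the reader in git-pack-objects should also reject malformed lines, but that code is not visible here. `show_commit_list` begins before this hunk, so whether `objects->name` can be NULL when it reaches `strchr` cannot be confirmed from these lines.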