From 108bebeab31881654b7b0f1b5b393a6655d74d3f Mon Sep 17 00:00:00 2001 From: Alex Riesen Date: Sun, 26 Oct 2008 22:59:13 +0100 Subject: [PATCH 1/3] Add mksnpath which allows you to specify the output buffer This is just vsnprintf's but additionally calls cleanup_path() on the result. To be used as alternatives to mkpath() where the buffer for the created path may not be reused by subsequent calls of the same formatting function. Signed-off-by: Alex Riesen Signed-off-by: Junio C Hamano --- cache.h | 3 +++ path.c | 15 +++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/cache.h b/cache.h index 884fae826c..aea13b0822 100644 --- a/cache.h +++ b/cache.h @@ -480,6 +480,9 @@ extern int check_repository_format(void); #define DATA_CHANGED 0x0020 #define TYPE_CHANGED 0x0040 +extern char *mksnpath(char *buf, size_t n, const char *fmt, ...) + __attribute__((format (printf, 3, 4))); + /* Return a statically allocated filename matching the sha1 signature */ extern char *mkpath(const char *fmt, ...) __attribute__((format (printf, 1, 2))); extern char *git_path(const char *fmt, ...) __attribute__((format (printf, 1, 2))); diff --git a/path.c b/path.c index 76e8872622..8b64878c21 100644 --- a/path.c +++ b/path.c @@ -32,6 +32,21 @@ static char *cleanup_path(char *path) return path; } +char *mksnpath(char *buf, size_t n, const char *fmt, ...) +{ + va_list args; + unsigned len; + + va_start(args, fmt); + len = vsnprintf(buf, n, fmt, args); + va_end(args); + if (len >= n) { + snprintf(buf, n, bad_path); + return buf; + } + return cleanup_path(buf); +} + char *mkpath(const char *fmt, ...) { va_list args; From 94cc355287a7efc3eda76af6ae31f503a1ac098b Mon Sep 17 00:00:00 2001 From: Alex Riesen Date: Sun, 26 Oct 2008 23:07:24 +0100 Subject: [PATCH 2/3] Fix mkpath abuse in dwim_ref and dwim_log of sha1_name.c Otherwise the function sometimes fail to resolve obviously correct refnames, because the string data pointed to by "str" argument were reused. The change in dwim_log does not fix anything, just optimizes away strcpy code as the path can be created directly in the available buffer. Signed-off-by: Alex Riesen Signed-off-by: Junio C Hamano --- sha1_name.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sha1_name.c b/sha1_name.c index 4fb77f8863..75a5a7e96f 100644 --- a/sha1_name.c +++ b/sha1_name.c @@ -245,11 +245,13 @@ int dwim_ref(const char *str, int len, unsigned char *sha1, char **ref) *ref = NULL; for (p = ref_rev_parse_rules; *p; p++) { + char fullref[PATH_MAX]; unsigned char sha1_from_ref[20]; unsigned char *this_result; this_result = refs_found ? sha1_from_ref : sha1; - r = resolve_ref(mkpath(*p, len, str), this_result, 1, NULL); + mksnpath(fullref, sizeof(fullref), *p, len, str); + r = resolve_ref(fullref, this_result, 1, NULL); if (r) { if (!refs_found++) *ref = xstrdup(r); @@ -272,7 +274,7 @@ int dwim_log(const char *str, int len, unsigned char *sha1, char **log) char path[PATH_MAX]; const char *ref, *it; - strcpy(path, mkpath(*p, len, str)); + mksnpath(path, sizeof(path), *p, len, str); ref = resolve_ref(path, hash, 1, NULL); if (!ref) continue; From 9fa03c177ff826b439537072338af958fe01c257 Mon Sep 17 00:00:00 2001 From: Alex Riesen Date: Sun, 26 Oct 2008 23:08:52 +0100 Subject: [PATCH 3/3] Fix potentially dangerous uses of mkpath and git_path Replace them with mksnpath/git_snpath and a local buffer for the resulting string. Signed-off-by: Alex Riesen Signed-off-by: Junio C Hamano --- builtin-apply.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/builtin-apply.c b/builtin-apply.c index e9d49f133a..50b623e54c 100644 --- a/builtin-apply.c +++ b/builtin-apply.c @@ -2850,8 +2850,8 @@ static void create_one_file(char *path, unsigned mode, const char *buf, unsigned unsigned int nr = getpid(); for (;;) { - const char *newpath; - newpath = mkpath("%s~%u", path, nr); + char newpath[PATH_MAX]; + mksnpath(newpath, sizeof(newpath), "%s~%u", path, nr); if (!try_create_file(newpath, mode, buf, size)) { if (!rename(newpath, path)) return;