Home » Mailing list archives » git » 2008 » July » 16

[PATCH] Fix buffer overflow in git-grep

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Dmitry Potapov <dpotapov@...>
To: <git@...>
Cc: Dmitry Potapov <dpotapov@...>
Subject: [PATCH] Fix buffer overflow in git-grep
Date: Wednesday, July 16, 2008 - 6:15 am

If PATH_MAX on your system is smaller than any path stored in the git
repository, that can cause memory corruption inside of the grep_tree
function used by git-grep.

Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
---
 builtin-grep.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/builtin-grep.c b/builtin-grep.c
index ef29910..530a53d 100644
--- a/builtin-grep.c
+++ b/builtin-grep.c
@@ -441,14 +441,17 @@ static int grep_tree(struct grep_opt *opt, const char **paths,
 	len = strlen(path_buf);
 
 	while (tree_entry(tree, &entry)) {
-		strcpy(path_buf + len, entry.path);
+		int te_len = tree_entry_len(entry.path, entry.sha1);
+		if (len + te_len >= PATH_MAX + tn_len)
+			die ("path too long: %s", path_buf+tn_len);
+		memcpy(path_buf + len, entry.path, te_len);
 
 		if (S_ISDIR(entry.mode))
 			/* Match "abc/" against pathspec to
 			 * decide if we want to descend into "abc"
 			 * directory.
 			 */
-			strcpy(path_buf + len + tree_entry_len(entry.path, entry.sha1), "/");
+			strcpy(path_buf + len + te_len, "/");
 
 		if (!pathspec_matches(paths, down))
 			;
-- 
1.5.6.3.1.gb5587a

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[PATCH] Fix buffer overflow in git-grep, Dmitry Potapov, (Wed Jul 16, 6:15 am)
Re: [PATCH] Fix buffer overflow in git-grep, Johannes Schindelin, (Wed Jul 16, 6:35 am)
[PATCH v2] Fix buffer overflow in git-grep, Dmitry Potapov, (Wed Jul 16, 11:33 am)
Re: [PATCH] Fix buffer overflow in git-grep, Dmitry Potapov, (Wed Jul 16, 7:54 am)
Re: [PATCH] Fix buffer overflow in git-grep, Dmitry Potapov, (Wed Jul 16, 10:33 am)
[PATCH] Fix buffer overflow in git diff, Dmitry Potapov, (Wed Jul 16, 10:54 am)
[PATCH] Fix buffer overflow in prepare_attr_stack, Dmitry Potapov, (Wed Jul 16, 10:54 am)
Re: [PATCH] Fix buffer overflow in prepare_attr_stack, Johannes Sixt, (Wed Jul 16, 11:21 am)
[PATCH v2] Fix buffer overflow in prepare_attr_stack, Dmitry Potapov, (Wed Jul 16, 11:39 am)
Re: [PATCH] Fix buffer overflow in git-grep, Johannes Schindelin, (Wed Jul 16, 10:47 am)