[PATCH] http-push: fix off-by-path_len

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Johannes Schindelin

Subject: [PATCH] http-push: fix off-by-path_len

Date: Saturday, January 17, 2009 - 8:36 am

When getting the result of remote_ls(), we were advancing the variable
"path" to the relative path inside the repository.

However, then we went on to malloc a bogus amount of memory: we were
subtracting the prefix length _again_, quite possibly getting something
negative, which xmalloc() interprets as really, really much.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---

	Note that the push in t5540 is still broken, as http-push does
	not handle packed-refs (when looking what branches are on the 
	remote side).

	It should not even try to access the directory structure under
	refs/ to begin with, but read info/refs instead.

	However, that is just one example of the ugliness that is 
	http-push.c; it also seems to be a perfect example of a copy-pasting 
	hell; just look at the output of "git grep
	curl_easy_setopt http-push.c".

	There _has_ to be lot of room for improvement.

 http-push.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/http-push.c b/http-push.c
index 9fcccee..cb5bf95 100644
--- a/http-push.c
+++ b/http-push.c
@@ -1435,10 +1435,8 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)
 			}
 			if (path) {
 				path += remote->path_len;
+				ls->dentry_name = xstrdup(path);
 			}
-			ls->dentry_name = xmalloc(strlen(path) -
-						  remote->path_len + 1);
-			strcpy(ls->dentry_name, path + remote->path_len);
 		} else if (!strcmp(ctx->name, DAV_PROPFIND_COLLECTION)) {
 			ls->dentry_flags |= IS_DIR;
 		}
@@ -1449,6 +1447,12 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)
 	}
 }
 
+/*
+ * NEEDSWORK: remote_ls() ignores info/refs on the remote side.  But it
+ * should _only_ heed the information from that file, instead of trying to
+ * determine the refs from the remote file system (badly: it does not even
+ * know about packed-refs).
+ */
 static void remote_ls(const char *path, int flags,
 		      void (*userFunc)(struct remote_ls_ctx *ls),
 		      void *userData)
-- 
1.6.1.325.g062d4

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] http-push: fix off-by-path_len, Johannes Schindelin, (Sat Jan 17, 8:36 am)

Where's Nick?, was Re: [PATCH] http-push: fix off-by-path_len, Johannes Schindelin, (Sat Jan 17, 8:40 am)

[PATCH] t5540: clarify that http-push does not handle pack ..., Johannes Schindelin, (Sat Jan 17, 8:41 am)

Re: [PATCH] http-push: fix off-by-path_len, Mike Hommey, (Sun Jan 18, 12:49 am)

[WIP Patch 00/12] Refactoring the http API, Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 01/12] Don't expect verify_pack() callers to se ..., Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 02/12] Some cleanup in get_refs_via_curl(), Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 03/12] Two new functions for the http API, Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 04/12] Use the new http API in http_fetch_ref(), Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 05/12] Use the new http API in get_refs_via_curl(), Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 06/12] Use the new http API in http-walker.c:fe ..., Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 07/12] Use the new http API in http-push.c:fetc ..., Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 08/12] Use the new http API in update_remote_in ..., Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 09/12] Use the new http API in fetch_symref(), Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 10/12] Use the new http API in http-walker.c:fe ..., Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 11/12] Use the new http API in http-push.c:fetc ..., Mike Hommey, (Sun Jan 18, 1:04 am)

[WIP Patch 12/12] Use the new http API in http-walker.c:fe ..., Mike Hommey, (Sun Jan 18, 1:04 am)

Re: [WIP Patch 00/12] Refactoring the http API, Junio C Hamano, (Sun Jan 18, 1:30 am)

Re: [WIP Patch 00/12] Refactoring the http API, Mike Hommey, (Sun Jan 18, 2:12 am)

Re: [WIP Patch 00/12] Refactoring the http API, Boyd Stephen Smith Jr., (Sun Jan 18, 4:29 am)

Re: [WIP Patch 03/12] Two new functions for the http API, Johannes Schindelin, (Sun Jan 18, 8:03 am)

Re: [WIP Patch 04/12] Use the new http API in http_fetch_ref(), Johannes Schindelin, (Sun Jan 18, 8:10 am)

Re: [WIP Patch 05/12] Use the new http API in get_refs_via ..., Johannes Schindelin, (Sun Jan 18, 8:12 am)

Re: [WIP Patch 07/12] Use the new http API in http-push.c: ..., Johannes Schindelin, (Sun Jan 18, 8:14 am)

Re: [WIP Patch 08/12] Use the new http API in update_remot ..., Johannes Schindelin, (Sun Jan 18, 8:18 am)

Re: [WIP Patch 02/12] Some cleanup in get_refs_via_curl(), Johannes Schindelin, (Sun Jan 18, 12:06 pm)

Re: [WIP Patch 02/12] Some cleanup in get_refs_via_curl(), Johannes Schindelin, (Sun Jan 18, 12:11 pm)

Re: [WIP Patch 02/12] Some cleanup in get_refs_via_curl(), Mike Hommey, (Sun Jan 18, 12:19 pm)

Re: [WIP Patch 04/12] Use the new http API in http_fetch_ref(), Mike Hommey, (Sun Jan 18, 12:21 pm)

Re: [WIP Patch 08/12] Use the new http API in update_remot ..., Mike Hommey, (Sun Jan 18, 12:23 pm)

Re: [WIP Patch 02/12] Some cleanup in get_refs_via_curl(), Mike Hommey, (Sun Jan 18, 12:30 pm)

Re: [WIP Patch 02/12] Some cleanup in get_refs_via_curl(), Johannes Schindelin, (Sun Jan 18, 2:09 pm)

Re: [WIP Patch 02/12] Some cleanup in get_refs_via_curl(), Johannes Schindelin, (Sun Jan 18, 2:10 pm)


linux-kernel:
Fortier,Vincent [Montreal]	2.6.21.5 june 30th to july 1st date hang?
Jeff Dike	[ PATCH 2/6 ] UML - Formatting fixes around os_{read_write}_file callers
Liam Girdwood	[PATCH 07/13] regulator: regulator test harness
Oleg Nesterov	Re: Getting the new RxRPC patches upstream
Stefan Seyfried	Re: 2.6.19-rc5: grub is much slower resuming from suspend-to-disk than in 2.6.18
linux-netdev:
Arnaud Ebalard	Re: [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0
Jan Engelhardt	Re: [PATCH iptables] extension: add xt_cpu match
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Sebastian Andrzej Siewior	[PATCH 8/8] net/emergency: remove locking from reycling pool if emergncy pools are...
David Miller	Re: [PATCH] qlcnic: dont assume NET_IP_ALIGN is 2
git:
Jakub Narebski	Re: git on MacOSX and files with decomposed utf-8 file names
Brandon Casey	Re: Thunderbird and patches (was Re: [PATCH v2] Enable setting attach as the def...
Christian Couder	[PATCH 1/3] rev-parse: add test script for "--verify"
Ramkumar Ramachandra	Re: [GSoC update] git-remote-svn: The final one
Junio C Hamano	Re: git-rm isn't the inverse action of git-add
openbsd-misc:
Joachim Schipper	Re: UVC Webcams
Florin Andrei	SOLVED [was: firewall is very slow, something's wrong]
Todd Alan Smith	Re: Microsoft gets the Most Secure Operating Systems award
Neal Hogan	Re: Need Advice: Thinkpad T60 or T61?
Sam Fourman Jr.	Re: Real men don't attack straw men
git-commits-head:
Linux Kernel Mailing List	ACPI: Disable ARB_DISABLE on platforms where it is not needed
Linux Kernel Mailing List	m68knommu: add read_barrier_depends() and irqs_disabled_flags()
Linux Kernel Mailing List	[MTD] Add mtd panic_write function pointer
Linux Kernel Mailing List	[ARM] pxa: remove duplicate select statements from Kconfig
Linux Kernel Mailing List	mlx4_core: Don't read reserved fields in mlx4_QUERY_ADAPTER()