gitweb: Secure against commit-ish/tree-ish with the same name as path
[gitweb.git] / tree-walk.c
index 297c6972b9256578f9cd7a92404dda55c8e34a2e..14cc5aea6c4eefbf4b0fa9c72ccb70ec550b44b4 100644 (file)
@@ -43,7 +43,7 @@ void update_tree_entry(struct tree_desc *desc)
 
        if (size < len)
                die("corrupt tree file");
-       desc->buf = buf + len;
+       desc->buf = (char *) buf + len;
        desc->size = size - len;
 }
 
@@ -66,7 +66,7 @@ const unsigned char *tree_entry_extract(struct tree_desc *desc, const char **pat
        const void *tree = desc->buf;
        unsigned long size = desc->size;
        int len = strlen(tree)+1;
-       const unsigned char *sha1 = tree + len;
+       const unsigned char *sha1 = (unsigned char *) tree + len;
        const char *path;
        unsigned int mode;
 
@@ -80,7 +80,8 @@ const unsigned char *tree_entry_extract(struct tree_desc *desc, const char **pat
 
 int tree_entry(struct tree_desc *desc, struct name_entry *entry)
 {
-       const void *tree = desc->buf, *path;
+       const void *tree = desc->buf;
+       const char *path;
        unsigned long len, size = desc->size;
 
        if (!size)
@@ -95,10 +96,10 @@ int tree_entry(struct tree_desc *desc, struct name_entry *entry)
        entry->pathlen = len;
 
        path += len + 1;
-       entry->sha1 = path;
+       entry->sha1 = (const unsigned char *) path;
 
        path += 20;
-       len = path - tree;
+       len = path - (char *) tree;
        if (len > size)
                die("corrupt tree file");
 
@@ -178,7 +179,7 @@ static int find_tree_entry(struct tree_desc *t, const char *name, unsigned char
                if (cmp < 0)
                        break;
                if (entrylen == namelen) {
-                       memcpy(result, sha1, 20);
+                       hashcpy(result, sha1);
                        return 0;
                }
                if (name[entrylen] != '/')
@@ -186,7 +187,7 @@ static int find_tree_entry(struct tree_desc *t, const char *name, unsigned char
                if (!S_ISDIR(*mode))
                        break;
                if (++entrylen == namelen) {
-                       memcpy(result, sha1, 20);
+                       hashcpy(result, sha1);
                        return 0;
                }
                return get_tree_entry(sha1, name + entrylen, result, mode);