Merge branch 'ar/maint-mksnpath' into HEAD

* ar/maint-mksnpath:
Fix potentially dangerous uses of mkpath and git_path
Fix mkpath abuse in dwim_ref and dwim_log of sha1_name.c
Add mksnpath which allows you to specify the output buffer

diff --git a/builtin-apply.c b/builtin-apply.c
index cfd8fceb9033cf5c4c7924d96437b94a9c4fe226..4c4d1e1774ade358dbc3283df5d1b764a32821b8 100644 (file)
--- a/builtin-apply.c
+++ b/builtin-apply.c
@@ -2841,8 +2841,8 @@ static void create_one_file(char *path, unsigned mode, const char *buf, unsigned
                unsigned int nr = getpid();
 
                for (;;) {
-                       const char *newpath;
-                       newpath = mkpath("%s~%u", path, nr);
+                       char newpath[PATH_MAX];
+                       mksnpath(newpath, sizeof(newpath), "%s~%u", path, nr);
                        if (!try_create_file(newpath, mode, buf, size)) {
                                if (!rename(newpath, path))
                                        return;

diff --git a/cache.h b/cache.h
index b0edbf9b9f68a98a0052ecb949f20aafb3125e56..629cdf3971f0e55fc34b7b5f43e5b4ea225e5be4 100644 (file)
--- a/cache.h
+++ b/cache.h
@@ -495,6 +495,9 @@ extern int check_repository_format(void);
 #define DATA_CHANGED    0x0020
 #define TYPE_CHANGED    0x0040
 
+extern char *mksnpath(char *buf, size_t n, const char *fmt, ...)
+       __attribute__((format (printf, 3, 4)));
+
 /* Return a statically allocated filename matching the sha1 signature */
 extern char *mkpath(const char *fmt, ...) __attribute__((format (printf, 1, 2)));
 extern char *git_path(const char *fmt, ...) __attribute__((format (printf, 1, 2)));

diff --git a/path.c b/path.c
index 76e8872622e435b050f77198ef6eef6e6ff6869e..8b64878c2147825a3a7ce483e9e6f05a0570a751 100644 (file)
--- a/path.c
+++ b/path.c
@@ -32,6 +32,21 @@ static char *cleanup_path(char *path)
        return path;
 }
 
+char *mksnpath(char *buf, size_t n, const char *fmt, ...)
+{
+       va_list args;
+       unsigned len;
+
+       va_start(args, fmt);
+       len = vsnprintf(buf, n, fmt, args);
+       va_end(args);
+       if (len >= n) {
+               snprintf(buf, n, bad_path);
+               return buf;
+       }
+       return cleanup_path(buf);
+}
+
 char *mkpath(const char *fmt, ...)
 {
        va_list args;

diff --git a/sha1_name.c b/sha1_name.c
index 41b680915d7348bf622397da8b1465d3769a361a..159c2ab84fa2cdde0e540024a1ca22e0bbb43af8 100644 (file)
--- a/sha1_name.c
+++ b/sha1_name.c
@@ -245,11 +245,13 @@ int dwim_ref(const char *str, int len, unsigned char *sha1, char **ref)
 
        *ref = NULL;
        for (p = ref_rev_parse_rules; *p; p++) {
+               char fullref[PATH_MAX];
                unsigned char sha1_from_ref[20];
                unsigned char *this_result;
 
                this_result = refs_found ? sha1_from_ref : sha1;
-               r = resolve_ref(mkpath(*p, len, str), this_result, 1, NULL);
+               mksnpath(fullref, sizeof(fullref), *p, len, str);
+               r = resolve_ref(fullref, this_result, 1, NULL);
                if (r) {
                        if (!refs_found++)
                                *ref = xstrdup(r);
@@ -272,7 +274,7 @@ int dwim_log(const char *str, int len, unsigned char *sha1, char **log)
                char path[PATH_MAX];
                const char *ref, *it;
 
-               strcpy(path, mkpath(*p, len, str));
+               mksnpath(path, sizeof(path), *p, len, str);
                ref = resolve_ref(path, hash, 1, NULL);
                if (!ref)
                        continue;