kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

git-remote: do not use user input in a printf format string 

'git remote show' substituted the remote name into a string that was later
used as a printf format string. If a remote name contains a printf format
specifier like this:

   $ git remote add foo%sbar .

then the command

   $ git remote show foo%sbar

would print garbage (if you are lucky) or crash. This fixes it.

Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
Johannes Sixt 2008-09-22 13:03:25 +02:00 committed by Junio C Hamano
parent cc185a6a8a
commit 79bbc7fb07
1 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
builtin-remote.c
View File

@ -407,14 +407,15 @@ static int rm(int argc, const char **argv)
return i; return i;
} }


static void show_list(const char *title, struct string_list *list) static void show_list(const char *title, struct string_list *list,
const char *extra_arg)
{ {
int i; int i;


if (!list->nr) if (!list->nr)
return; return;


printf(title, list->nr > 1 ? "es" : ""); printf(title, list->nr > 1 ? "es" : "", extra_arg);
printf("\n "); printf("\n ");
for (i = 0; i < list->nr; i++) for (i = 0; i < list->nr; i++)
printf("%s%s", i ? " " : "", list->items[i].string); printf("%s%s", i ? " " : "", list->items[i].string);
@ -477,7 +478,6 @@ static int show(int argc, const char **argv)


memset(&states, 0, sizeof(states)); memset(&states, 0, sizeof(states));
for (; argc; argc--, argv++) { for (; argc; argc--, argv++) {
struct strbuf buf;
int i; int i;


get_remote_ref_states(*argv, &states, !no_query); get_remote_ref_states(*argv, &states, !no_query);
@ -503,18 +503,16 @@ static int show(int argc, const char **argv)
} }


if (!no_query) { if (!no_query) {
strbuf_init(&buf, 0); show_list(" New remote branch%s (next fetch "
strbuf_addf(&buf, " New remote branch%%s (next fetch " "will store in remotes/%s)",
"will store in remotes/%s)", states.remote->name); &states.new, states.remote->name);
show_list(buf.buf, &states.new);
strbuf_release(&buf);
show_list(" Stale tracking branch%s (use 'git remote " show_list(" Stale tracking branch%s (use 'git remote "
"prune')", &states.stale); "prune')", &states.stale, "");
} }


if (no_query) if (no_query)
for_each_ref(append_ref_to_tracked_list, &states); for_each_ref(append_ref_to_tracked_list, &states);
show_list(" Tracked remote branch%s", &states.tracked); show_list(" Tracked remote branch%s", &states.tracked, "");


if (states.remote->push_refspec_nr) { if (states.remote->push_refspec_nr) {
printf(" Local branch%s pushed with 'git push'\n ", printf(" Local branch%s pushed with 'git push'\n ",