Commit Graph

26 Commits (ad3967a5a2bc8a2505ba618e59cd541775571ff8)

Author SHA1 Message Date
Junio C Hamano 273c54f82c Merge branch 'ap/path-max'
* ap/path-max:
  Prevent buffer overflows when path is too long
2014-01-10 10:32:18 -08:00
Antoine Pelisse fc2b621454 Prevent buffer overflows when path is too long
Some buffers created with PATH_MAX length are not checked when being
written, and can overflow if PATH_MAX is not big enough to hold the
path.

Replace those buffers by strbufs so that their size is automatically
grown if necessary. They are created as static local variables to avoid
reallocating memory on each call. Note that prefix_filename() returns
this static buffer so each callers should copy or use the string
immediately (this is currently true).

Reported-by: Wataru Noguchi <wnoguchi.0727@gmail.com>
Signed-off-by: Antoine Pelisse <apelisse@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-16 14:06:19 -08:00
Felipe Contreras e46c92e4ef abspath: trivial style fix
Signed-off-by: Felipe Contreras <felipe.contreras@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-09 13:19:56 -08:00
Junio C Hamano f1e835fa13 abspath.c: have SP around arithmetic operators
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-10-16 10:27:26 -07:00
Jonathan Nieder 380395d094 mingw: rename WIN32 cpp macro to GIT_WINDOWS_NATIVE
Throughout git, it is assumed that the WIN32 preprocessor symbol is
defined on native Windows setups (mingw and msvc) and not on Cygwin.
On Cygwin, most of the time git can pretend this is just another Unix
machine, and Windows-specific magic is generally counterproductive.

Unfortunately Cygwin *does* define the WIN32 symbol in some headers.
Best to rely on a new git-specific symbol GIT_WINDOWS_NATIVE instead,
defined as follows:

	#if defined(WIN32) && !defined(__CYGWIN__)
	# define GIT_WINDOWS_NATIVE
	#endif

After this change, it should be possible to drop the
CYGWIN_V15_WIN32API setting without any negative effect.

[rj: %s/WINDOWS_NATIVE/GIT_WINDOWS_NATIVE/g ]

Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-05-08 12:14:35 -07:00
Michael Haggerty e3e46cdbd4 Introduce new function real_path_if_valid()
The function is like real_path(), except that it returns NULL on error
instead of dying.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Jeff King <peff@peff.net>
2012-10-29 02:34:58 -04:00
Michael Haggerty d6052abca3 real_path_internal(): add comment explaining use of cwd
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Jeff King <peff@peff.net>
2012-10-29 02:34:57 -04:00
Michael Haggerty 038e55fec2 Introduce new static function real_path_internal()
It accepts a new parameter, die_on_error.  If die_on_error is false,
it simply cleans up after itself and returns NULL rather than dying.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Jeff King <peff@peff.net>
2012-10-29 02:34:57 -04:00
Michael Haggerty f4c21e89d7 real_path(): properly handle nonexistent top-level paths
The change has two points:

1. Do not strip off a leading slash, because that erroneously turns an
   absolute path into a relative path.

2. Do not remove slashes from groups of multiple slashes; instead let
   chdir() handle them.  It could be, for example, that it wants to
   leave leading double-slashes alone.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-09-06 16:19:58 -07:00
Michael Haggerty 3efe5d1d32 real_path(): reject the empty string
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-09-06 16:19:58 -07:00
Michael Haggerty a0601dc11f absolute_path(): reject the empty string
Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-09-06 16:19:58 -07:00
Dmitry Ivankov 0687628466 Reduce parse-options.o dependencies
Currently parse-options.o pulls quite a big bunch of dependencies.
his complicates it's usage in contrib/ because it pulls external
dependencies and it also increases executables size.

Split off less generic and more internal to git part of
parse-options.c to parse-options-cb.c.

Move prefix_filename function from setup.c to abspath.c. abspath.o
and wrapper.o pull each other, so it's unlikely to increase the
dependencies. It was a dependency of parse-options.o that pulled
many others.

Now parse-options.o pulls just abspath.o, ctype.o, strbuf.o, usage.o,
wrapper.o, libc directly and strlcpy.o indirectly.

Signed-off-by: Dmitry Ivankov <divanorama@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-08-11 12:18:02 -07:00
Junio C Hamano b075227979 Merge branch 'js/maint-add-path-stat-pwd'
* js/maint-add-path-stat-pwd:
  get_pwd_cwd(): Do not trust st_dev/st_ino blindly
2011-07-22 14:43:36 -07:00
Johannes Schindelin 7d092adc8f get_pwd_cwd(): Do not trust st_dev/st_ino blindly
10c4c88 (Allow add_path() to add non-existent directories to the path,
2008-07-21) introduced get_pwd_cwd() function in order to favor $PWD when
getenv("PWD") and getcwd() refer to the same directory but are different
strings (e.g. the former gives a nicer looking name via a symbolic link to
an uglier looking automounted path). The function tried to determine if
two directories are the same by running stat(2) on both and comparing
ino/dev fields.

Unfortunately, stat() does not fill any ino or dev fields in msysgit.  But
there is a telltale: both ino and dev are 0 when they are not filled
correctly, so let's be extra cautious.

This happens to fix a bug in "get-receive-pack working_directory/" when
the GIT_DIR would not be set correctly due to absolute_path(".")
returning the wrong value.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Acked-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-07-11 10:52:38 -07:00
Junio C Hamano 033c2dc436 Merge branch 'ef/maint-win-verify-path'
* ef/maint-win-verify-path:
  verify_dotfile(): do not assume '/' is the path seperator
  verify_path(): simplify check at the directory boundary
  verify_path: consider dos drive prefix
  real_path: do not assume '/' is the path seperator
  A Windows path starting with a backslash is absolute
2011-06-29 17:09:17 -07:00
Theo Niessink d1c69255a1 real_path: do not assume '/' is the path seperator
real_path currently assumes it's input had '/' as path seperator.
This assumption does not hold true for the code-path from
prefix_path (on Windows), where real_path can be called before
normalize_path_copy.

Fix real_path so it doesn't make this assumption. Create a helper
function to reverse-search for the last path-seperator in a string.

Signed-off-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-05-27 10:59:16 -07:00
Carlos Martín Nieto e2a57aac8a Name make_*_path functions more accurately
Rename the make_*_path functions so it's clearer what they do, in
particlar make clear what the differnce between make_absolute_path and
make_nonrelative_path is by renaming them real_path and absolute_path
respectively. make_relative_path has an understandable name and is
renamed to relative_path to maintain the name convention.

The function calls have been replaced 1-to-1 in their usage.

Signed-off-by: Carlos Martín Nieto <cmn@elego.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-03-17 16:08:30 -07:00
Carlos Martín Nieto 1d679de58e make_absolute_path: return the input path if it points to our buffer
Some codepaths call make_absolute_path with its own return value as
input. In such a cases, return the path immediately.

This fixes a valgrind-discovered error, whereby we tried to copy a
string onto itself.

Signed-off-by: Carlos Martín Nieto <cmn@elego.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2011-03-16 13:51:22 -07:00
Eric Sunshine b248e95096 Fix 'clone' failure at DOS root directory.
Cloning via relative path fails for a project residing immediately under
the root directory of a DOS drive.  For instance, for project c:/foo,
issuing "cd c:/" followed by "git clone foo bar" fails with error
"Unable to find remote helper for 'c'".  The problem is caused by
make_nonrelative_path() incorrectly returning c://foo rather than
c:/foo for input "foo".  The bogus path c://foo is misinterpreted by
transport_get() as a URL with unrecognized protocol "c", hence the
missing remote helper error.  Fix make_nonrelative_path() to return
c:/foo rather than c://foo (and /foo rather than //foo on Unix).

Resolves msysgit issue #501 [1]

[PT: squashed in changes requested by Junio [2][3]]

[1] http://code.google.com/p/msysgit/issues/detail?id=501
[2] http://marc.info/?l=git&m=128570102331652&w=2
[3] http://marc.info/?l=git&m=128573246704862&w=2

Acked-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Pat Thoyts <patthoyts@users.sourceforge.net>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2010-10-03 23:34:23 +01:00
Nguyễn Thái Ngọc Duy ed0cb46ebb make_absolute_path(): Do not append redundant slash
When concatenating two paths, if the first one already have '/', do
not put another '/' in between the two paths.

Usually this is not the case as getcwd() won't return '/foo/bar/',
except when you are standing at root, then it will return '/'.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2010-02-14 13:21:31 -08:00
Brandon Casey 1630726e84 abspath.c: move declaration of 'len' into inner block and use appropriate type
The 'len' variable was declared at the beginning of the make_absolute_path
function and also in an inner 'if' block which masked the outer declaration.
It is only used in two 'if' blocks, so remove the outer declaration and
make a new declaration inside the other 'if' block that uses 'len'.

Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-08-27 16:20:53 -07:00
Thomas Rast 0721c314a5 Use die_errno() instead of die() when checking syscalls
Lots of die() calls did not actually report the kind of error, which
can leave the user confused as to the real problem.  Use die_errno()
where we check a system/library call that sets errno on failure, or
one of the following that wrap such calls:

  Function              Passes on error from
  --------              --------------------
  odb_pack_keep         open
  read_ancestry         fopen
  read_in_full          xread
  strbuf_read           xread
  strbuf_read_file      open or strbuf_read_file
  strbuf_readlink       readlink
  write_in_full         xwrite

Signed-off-by: Thomas Rast <trast@student.ethz.ch>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-06-27 11:14:53 -07:00
Junio C Hamano 737e31af7a make_absolute_path(): check bounds when seeing an overlong symlink
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-12-17 13:36:34 -08:00
Junio C Hamano 90b4a71c49 is_directory(): a generic helper function
A simple "grep -e stat --and -e S_ISDIR" revealed there are many
open-coded implementations of this function.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-09-09 09:27:45 -07:00
Johannes Sixt 10c4c881c4 Allow add_path() to add non-existent directories to the path
This function had used make_absolute_path(); but this function dies if
the directory that contains the entry whose relative path was supplied in
the argument does not exist. This is a problem if the argument is, for
example, "../libexec/git-core", and that "../libexec" does not exist.

Since the resolution of symbolic links is not required for elements in
PATH, we can fall back to using make_nonrelative_path(), which simply
prepends $PWD to the path.

We have to move make_nonrelative_path() alongside make_absolute_path() in
abspath.c so that git-shell can be linked. See 5b8e6f85f.

Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-07-25 17:41:13 -07:00
Dmitry Potapov 5b8e6f85f9 shrink git-shell by avoiding redundant dependencies
A lot of modules that have nothing to do with git-shell functionality
were linked in, bloating git-shell more than 8 times.

This patch cuts off redundant dependencies by:
1. providing stubs for three functions that make no sense for git-shell;
2. moving quote_path_fully from environment.c to quote.c to make the
   later self sufficient;
3. moving make_absolute_path into a new separate file.

The following numbers have been received with the default optimization
settings on master using GCC 4.1.2:

Before:
   text    data     bss     dec     hex filename
 143915    1348   93168  238431   3a35f git-shell

After:
   text    data     bss     dec     hex filename
  17670     788    8232   26690    6842 git-shell

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-06-27 23:22:00 -07:00