git/contrib
Taylor Blau 9de345cb27 wincred: avoid buffer overflow in wcsncat()
The wincred credential helper uses a static buffer ("target") as a
unique key for storing and comparing against internal storage. It does
this by building up a string that is supposed to look like:

    git:$PROTOCOL://$USERNAME@$HOST/@PATH

However, the static "target" buffer is declared as a wide string with no
more than 1,024 wide characters. The first call to wcsncat() is almost
correct (it copies no more than ARRAY_SIZE(target) wchar_t's), but does
not account for the trailing NUL, introducing an off-by-one error.

But subsequent calls to wcsncat() have an additional problem on top of
the off-by-one. They do not account for the length of the existing
wide string being built up in 'target'. So the following:

    $ perl -e '
        my $x = "x" x 1_000;
        print "protocol=$x\nhost=$x\nusername=$x\npath=$x\n"
      ' |
      C\:/Program\ Files/Git/mingw64/libexec/git-core/git-credential-wincred.exe get

will result in a segmentation fault from over-filling the buffer.

This bug is as old as the wincred helper itself, dating back to
a6253da0f3 (contrib: add win32 credential-helper, 2012-07-27). Commit
8b2d219a3d (wincred: improve compatibility with windows versions,
2013-01-10) replaced the use of strncat() with wcsncat(), but retained
the buggy behavior.

Fix this by using a "target_append()" helper which accounts for both the
length of the existing string within the buffer, as well as the trailing
NUL character.

Reported-by: David Leadbeater <dgl@dgl.cx>
Helped-by: David Leadbeater <dgl@dgl.cx>
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
2025-05-28 12:57:36 -04:00
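
The bounds rule the commit message describes, as an added C example written for this page; it is not code from git and is not git's target_append(). The names `unchecked_extent`, `append_bounded`, `build_key`, `demo` and `TARGET_CAP` are hypothetical, the input is constructed, and rejecting an over-long key rather than truncating it is a choice made for this example.

```c
#include <stdio.h>
#include <wchar.h>
#define TARGET_CAP 1024 /* capacity in wchar_t, per the commit message */
struct result { size_t slots; int fits; };

/* Slots touched when every part is added with wcsncat(dst, part, cap): the
 * count limits only the source, never the running total, and a NUL follows. */
static size_t unchecked_extent(const wchar_t *const *parts, size_t n, size_t cap)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++)
        used += wcslen(parts[i]) < cap ? wcslen(parts[i]) : cap;
    return used + 1;
}

/* Append only if existing length + src + NUL fits; otherwise leave dst alone. */
static int append_bounded(wchar_t *dst, size_t cap, const wchar_t *src)
{
    size_t used = wcslen(dst), need = wcslen(src);
    if (used >= cap || need > cap - used - 1)
        return -1; /* rejecting (not truncating) is this example's choice */
    wmemcpy(dst + used, src, need + 1);
    return 0;
}

static int build_key(wchar_t *dst, size_t cap, const wchar_t *const *parts, size_t n)
{
    dst[0] = L'\0';
    for (size_t i = 0; i < n; i++)
        if (append_bounded(dst, cap, parts[i]) < 0)
            return -1;
    return 0;
}

/* Constructed input: all four fields are `len` copies of 'x' (len < TARGET_CAP). */
static struct result demo(size_t len)
{
    static wchar_t f[TARGET_CAP], key[TARGET_CAP];
    wmemset(f, L'x', len);
    f[len] = L'\0';
    const wchar_t *parts[] = { L"git:", f, L"://", f, L"@", f, L"/", f };
    struct result r = { unchecked_extent(parts, 8, TARGET_CAP), build_key(key, TARGET_CAP, parts, 8) };
    return r;
}

int main(void)
{
    struct result r = demo(1000); /* field length used by the reproducer */
    printf("unchecked: %zu of %d slots; checked: %d\n", r.slots, TARGET_CAP, r.fits);
    return 0;
}
```

With four 1,000-character fields the unchecked pattern would need 4,010 slots in a 1,024-slot buffer, while the checked build stops at the first part that does not fit.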
buildsystems Merge branch 'ds/maintenance-on-windows-fix' 2023-08-15 10:19:47 -07:00
coccinelle config: pass kvi to die_bad_number() 2023-06-28 14:06:40 -07:00
completion completion: support pseudoref existence checks for reftables 2023-12-19 15:11:58 -08:00
contacts
credential wincred: avoid buffer overflow in wcsncat() 2025-05-28 12:57:36 -04:00
diff-highlight perl: bump the required Perl version to 5.8.1 from 5.8.0 2023-11-17 07:26:32 +09:00
emacs
examples
fast-import
git-jump git-jump: admit to passing merge mode args to ls-files 2023-10-05 12:55:38 -07:00
git-shell-commands
hg-to-git
hooks multimail: stop shipping a copy 2021-06-11 13:35:19 +09:00
long-running-filter
mw-to-git Merge branch 'tz/send-email-negatable-options' into maint-2.43 2024-02-08 16:22:01 -08:00
persistent-https
remote-helpers
stats
subtree parse-options: show negatability of options in short help 2023-08-06 17:16:50 -07:00
thunderbird-patch-inline
update-unicode
vscode vscode: improve tab size and wrapping 2022-06-27 15:37:44 -07:00
workdir
README doc: fix some typos, grammar and wording issues 2023-10-05 12:55:38 -07:00
coverage-diff.sh
git-resurrect.sh
remotes2config.sh
rerere-train.sh contrib/rerere-train: avoid useless gpg sign in training 2022-07-19 11:24:08 -07:00

README

Contributed Software

Although these pieces are available as part of the official git
source tree, they are in somewhat different status.  The
intention is to keep interesting tools around git here, maybe
even experimental ones, to give users an easier access to them,
and to give tools wider exposure, so that they can be improved
faster.

I am not expecting to touch these myself that much.  As far as
my day-to-day operation is concerned, these subdirectories are
owned by their respective primary authors.  I am willing to help
if users of these components and the contrib/ subtree "owners"
have technical/design issues to resolve, but the initiative to
fix and/or enhance things _must_ be on the side of the subtree
owners.  IOW, I won't be actively looking for bugs and rooms for
enhancements in them as the git maintainer -- I may only do so
just as one of the users when I want to scratch my own itch.  If
you have patches to things in contrib/ area, the patch should be
first sent to the primary author, and then the primary author
should ack and forward it to me (git pull request is nicer).
This is the same way as how I have been treating gitk, and to a
lesser degree various foreign SCM interfaces, so you know the
drill.

I expect things that start their life in the contrib/ area
to graduate out of contrib/ once they mature, either by becoming
projects on their own, or moving to the toplevel directory.  On
the other hand, I expect I'll be proposing removal of disused
and inactive ones from time to time.

If you have new things to add to this area, please first propose
it on the git mailing list, and after a list discussion proves
there is general interest (it does not have to be a
list-wide consensus for a tool targeted to a relatively narrow
audience -- for example I do not work with projects whose
upstream is svn, so I have no use for git-svn myself, but it is
of general interest for people who need to interoperate with SVN
repositories in a way git-svn works better than git-svnimport),
submit a patch to create a subdirectory of contrib/ and put your
stuff there.

-jc