    enter_repo: convert fixed-size buffers to strbufs · e9ba6781
    Jeff King authored
    We use two PATH_MAX-sized buffers to represent the repo
    path, and must make sure not to overflow them. We do take
    care to check the lengths, but the logic is rather hard to
    follow, as we use several magic numbers (e.g., "PATH_MAX -
    10"). And in fact you _can_ overflow the buffer if you have
    a ".git" file with an extremely long path in it.

    By switching to strbufs, these problems all go away. We do,
    however, retain the check that the initial input we get is
    no larger than PATH_MAX. This function is an entry point for
    untrusted repo names from the network, and it's a good idea
    to keep a sanity check (both to avoid allocating arbitrary
    amounts of memory, and also as a layer of defense against
    any downstream users of the names).

    Signed-off-by: Jeff King <[email protected]>
    Signed-off-by: Junio C Hamano <[email protected]>
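
The pattern the commit message describes, as an added example that is not part of the commit or of Git's code: the untrusted name is capped at PATH_MAX on entry, and the path is then built in a buffer that grows, so a long later component cannot overflow it. `struct gbuf`, `gbuf_add` and `build_repo_path` are hypothetical names standing in for a strbuf-style API.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096 /* fallback where limits.h does not define it */
#endif

/* Hypothetical minimal growable string, standing in for a strbuf-style buffer. */
struct gbuf { char *buf; size_t len, cap; };

/* Append n bytes, growing as needed; the buffer stays NUL-terminated. */
static int gbuf_add(struct gbuf *b, const char *s, size_t n)
{
    if (n >= (size_t)-1 / 2 - b->len)   /* refuse sizes that could wrap */
        return -1;
    if (b->len + n + 1 > b->cap) {
        size_t cap = b->cap ? b->cap : 64;
        while (cap < b->len + n + 1)
            cap *= 2;
        char *p = realloc(b->buf, cap);
        if (!p)
            return -1;
        b->buf = p;
        b->cap = cap;
    }
    memcpy(b->buf + b->len, s, n);
    b->len += n;
    b->buf[b->len] = '\0';
    return 0;
}

/* Join an untrusted name and a suffix; caller frees the result. NULL on reject. */
char *build_repo_path(const char *name, size_t name_len, const char *suffix)
{
    struct gbuf b = { NULL, 0, 0 };

    if (name_len > (size_t)PATH_MAX)    /* sanity cap on network-supplied input */
        return NULL;
    if (gbuf_add(&b, name, name_len) < 0 ||
        gbuf_add(&b, suffix, strlen(suffix)) < 0) {
        free(b.buf);
        return NULL;
    }
    return b.buf;
}
```

The suffix argument plays the role of any later component, such as a path read from a ".git" file, whose length is not bounded by the entry check.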