Re: [PATCHv4] Read (but not write) from XDG configuration, XDG attributes and XDG ignore files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Junio C Hamano wrote:
> Ramsay Jones <ramsay@xxxxxxxxxxxxxxxxxxx> writes:
> 
>> Subject: [PATCH] path.c: Fix a static buffer overwrite bug by avoiding mkpath()
>>
>> In order to fix the bug, we introduce a new variation of the mkpath()
>> function, mkpathdup(), which avoids the use of the internal static
>> buffers.
> 
> Shouldn't we aim a bit higher to also avoid the use of bounded
> buffer?  Instead of returning bad_path, retry with lengthened buffer
> until we succeed, or something.
> 
> Better yet, internally use strbuf_vaddf().

Sorry for the late reply, I've been away ...

Yes, I wasn't aiming too high. In fact I was only aiming for "I spent the
last 20 minutes fixing up your patch so that it doesn't tickle the bug
on cygwin, and it looks like this..." :-P

While away, I did rewrite mkpathdup() to address your concerns (although I
didn't use strbuf_vaddf()).

However, I see that Nguyen has not been idle and, with help from others, has
fixed up the patch and re-rolled the series (v7 I think). I haven't fetched
that mail yet, but it looked good and should not tickle the cygwin bug. I will
test it soon.

ATB,
Ramsay Jones


--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]