From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Subject: [PATCH] config: reject invalid VAR in 'git -c VAR=VAL command'
Date: Tue, 21 Feb 2017 10:53:08 -0800 [thread overview]
Message-ID: <xmqq37f7gyuj.fsf_-_@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <xmqqino5jia8.fsf@gitster.mtv.corp.google.com> (Junio C. Hamano's message of "Mon, 20 Feb 2017 01:58:07 -0800")
The parsing of one-shot assignments of configuration variables that
come from the command line historically was quite loose and allowed
anything to pass.
The configuration variable names that come from files are validated
in git_config_parse_source(), which uses get_base_var() that grabs
the <section> (and subsection) while making sure that <section>
consists of iskeychar() letters, the function itself that makes sure
that the first letter in <variable> is isalpha(), and get_value()
that grabs the remainder of the <variable> name while making sure
that it consists of iskeychar() letters.
Perform an equivalent check in canonicalize_config_variable_name()
to catch invalid configuration variable names that come from the
command line.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
Junio C Hamano <gitster@pobox.com> writes:
> One thing I noticed is that "git config --get X" will correctly
> diagnose that a dot-less X is not a valid variable name, but we do
> not seem to diagnose "git -c X=V <cmd>" as invalid.
>
> Perhaps we should, but it is not the focus of this topic.
And here is a follow-up on that tangent.
config.c | 48 +++++++++++++++++++++++++++++++++++++-----------
t/t1300-repo-config.sh | 7 +++++++
2 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/config.c b/config.c
index 4128debc71..e7f7ff1938 100644
--- a/config.c
+++ b/config.c
@@ -199,32 +199,62 @@ void git_config_push_parameter(const char *text)
strbuf_release(&env);
}
+static inline int iskeychar(int c)
+{
+ return isalnum(c) || c == '-';
+}
+
/*
* downcase the <section> and <variable> in <section>.<variable> or
* <section>.<subsection>.<variable> and do so in place. <subsection>
* is left intact.
+ *
+ * The configuration variable names that come from files are validated
+ * in git_config_parse_source(), which uses get_base_var() that grabs
+ * the <section> (and subsection) while making sure that <section>
+ * consists of iskeychar() letters, the function itself that makes
+ * sure that the first letter in <variable> is isalpha(), and
+ * get_value() that grabs the remainder of the <variable> name while
+ * making sure that it consists of iskeychar() letters. Perform a
+ * matching validation for configuration variables that come from
+ * the command line.
*/
-static void canonicalize_config_variable_name(char *varname)
+static int canonicalize_config_variable_name(char *varname)
{
- char *cp, *last_dot;
+ char *cp, *first_dot, *last_dot;
/* downcase the first segment */
for (cp = varname; *cp; cp++) {
if (*cp == '.')
break;
+ if (!iskeychar(*cp))
+ return -1;
*cp = tolower(*cp);
}
if (!*cp)
- return;
+ return -1; /* no dot anywhere? */
+
+ first_dot = cp;
+ if (first_dot == varname)
+ return -1; /* no section? */
/* find the last dot (we start from the first dot we just found) */
- for (last_dot = cp; *cp; cp++)
+ for (; *cp; cp++)
if (*cp == '.')
last_dot = cp;
+ if (!last_dot[1])
+ return -1; /* no variable? */
+
/* downcase the last segment */
- for (cp = last_dot; *cp; cp++)
+ for (cp = last_dot + 1; *cp; cp++) {
+ if (cp == last_dot + 1 && !isalpha(*cp))
+ return -1;
+ else if (!iskeychar(*cp))
+ return -1;
*cp = tolower(*cp);
+ }
+ return 0;
}
int git_config_parse_parameter(const char *text,
@@ -249,7 +279,8 @@ int git_config_parse_parameter(const char *text,
strbuf_list_free(pair);
return error("bogus config parameter: %s", text);
}
- canonicalize_config_variable_name(pair[0]->buf);
+ if (canonicalize_config_variable_name(pair[0]->buf))
+ return error("bogus config parameter: %s", text);
if (fn(pair[0]->buf, value, data) < 0) {
strbuf_list_free(pair);
return -1;
@@ -382,11 +413,6 @@ static char *parse_value(void)
}
}
-static inline int iskeychar(int c)
-{
- return isalnum(c) || c == '-';
-}
-
static int get_value(config_fn_t fn, void *data, struct strbuf *name)
{
int c;
diff --git a/t/t1300-repo-config.sh b/t/t1300-repo-config.sh
index 7a16f66a9d..92a5d0dfb1 100755
--- a/t/t1300-repo-config.sh
+++ b/t/t1300-repo-config.sh
@@ -1143,6 +1143,13 @@ test_expect_success 'last one wins: three level vars' '
test_cmp expect actual
'
+for VAR in a .a a. a.0b a."b c". a."b c".0d
+do
+ test_expect_success "git -c $VAR=VAL rejects invalid '$VAR'" '
+ test_must_fail git -c $VAR=VAL config -l
+ '
+done
+
test_expect_success 'git -c is not confused by empty environment' '
GIT_CONFIG_PARAMETERS="" git -c x.one=1 config --list
'
--
2.12.0-rc2-221-ga92f6f5816
next prev parent reply other threads:[~2017-02-21 18:56 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-15 11:17 [BUG] submodule config does not apply to upper case submodules? Lars Schneider
2017-02-15 11:33 ` [PATCH v1] t7400: cleanup "submodule add clone shallow submodule" test Lars Schneider
2017-02-15 18:29 ` Stefan Beller
2017-02-15 18:39 ` Junio C Hamano
2017-02-15 18:14 ` [BUG] submodule config does not apply to upper case submodules? Stefan Beller
2017-02-15 18:53 ` Junio C Hamano
2017-02-15 22:54 ` Jonathan Tan
2017-02-15 23:02 ` Junio C Hamano
2017-02-15 23:11 ` Junio C Hamano
2017-02-15 23:28 ` Stefan Beller
2017-02-15 23:37 ` Junio C Hamano
2017-02-15 23:43 ` Stefan Beller
2017-02-15 23:53 ` Junio C Hamano
2017-02-16 23:22 ` Jeff King
2017-02-15 23:33 ` Jonathan Tan
2017-02-16 18:49 ` Junio C Hamano
2017-02-15 23:48 ` [PATCH] config: preserve <subsection> case for one-shot config on the command line Junio C Hamano
2017-02-16 10:30 ` Lars Schneider
2017-02-16 16:59 ` Junio C Hamano
2017-02-16 23:27 ` Jeff King
2017-02-17 1:25 ` Junio C Hamano
2017-02-20 9:58 ` Junio C Hamano
2017-02-20 17:17 ` Lars Schneider
2017-02-21 7:38 ` Jeff King
2017-02-21 17:01 ` Junio C Hamano
2017-02-21 17:17 ` [PATCH v2] " Junio C Hamano
2017-02-21 17:50 ` Jeff King
2017-02-21 17:57 ` Stefan Beller
2017-02-21 18:53 ` Junio C Hamano [this message]
2017-02-21 19:15 ` [PATCH] config: reject invalid VAR in 'git -c VAR=VAL command' Stefan Beller
2017-02-21 20:33 ` Junio C Hamano
2017-02-21 21:24 ` [PATCH v2] " Junio C Hamano
2017-02-22 1:06 ` Junio C Hamano
2017-02-23 5:58 ` Jeff King
2017-02-23 7:19 ` Junio C Hamano
2017-02-23 23:19 ` Junio C Hamano
2017-02-24 0:41 ` Jeff King
2017-02-24 4:17 ` Junio C Hamano
2017-02-24 4:22 ` Jeff King
2017-02-24 6:08 ` Junio C Hamano
2017-02-24 6:10 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqq37f7gyuj.fsf_-_@gitster.mtv.corp.google.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).