From: Jeff King <peff@peff.net>
To: "Torsten Bögershausen" <tboegi@web.de>
Cc: Junio C Hamano <gitster@pobox.com>,
Michael Blume <blume.mike@gmail.com>,
Git List <git@vger.kernel.org>
Subject: [PATCH 3/3] init: use strbufs to store paths
Date: Sun, 4 Oct 2015 23:46:04 -0400 [thread overview]
Message-ID: <20151005034604.GC25502@sigill.intra.peff.net> (raw)
In-Reply-To: <20151005034126.GA5639@sigill.intra.peff.net>
The init code predates strbufs, and uses PATH_MAX-sized
buffers along with many manual checks on intermediate sizes
(some of which make magic assumptions, such as that init
will not create a path inside .git longer than 50
characters).
We can simplify this greatly by using strbufs, which drops
some hard-to-verify strcpy calls in favor of git_path_buf.
While we're in the area, let's also convert existing calls
to git_path to the safer git_path_buf (our existing calls
were passed to pretty tame functions, and so were not a
problem, but it's easy to be consistent and safe here).
Note that we had an explicit test that "git init" rejects
long template directories. This comes from 32d1776 (init: Do
not segfault on big GIT_TEMPLATE_DIR environment variable,
2009-04-18). We can drop the test_must_fail here, as we now
accept this and need only confirm that we don't segfault,
which was the original point of the test.
Signed-off-by: Jeff King <peff@peff.net>
---
Same as the original, but minus the bits that touch the precompose
probing.
builtin/init-db.c | 172 +++++++++++++++++++++++-------------------------------
t/t0001-init.sh | 4 +-
2 files changed, 76 insertions(+), 100 deletions(-)
diff --git a/builtin/init-db.c b/builtin/init-db.c
index 89addda..f59f407 100644
--- a/builtin/init-db.c
+++ b/builtin/init-db.c
@@ -36,10 +36,11 @@ static void safe_create_dir(const char *dir, int share)
die(_("Could not make %s writable by group"), dir);
}
-static void copy_templates_1(char *path, int baselen,
- char *template, int template_baselen,
+static void copy_templates_1(struct strbuf *path, struct strbuf *template,
DIR *dir)
{
+ size_t path_baselen = path->len;
+ size_t template_baselen = template->len;
struct dirent *de;
/* Note: if ".git/hooks" file exists in the repository being
@@ -49,77 +50,64 @@ static void copy_templates_1(char *path, int baselen,
* with the way the namespace under .git/ is organized, should
* be really carefully chosen.
*/
- safe_create_dir(path, 1);
+ safe_create_dir(path->buf, 1);
while ((de = readdir(dir)) != NULL) {
struct stat st_git, st_template;
- int namelen;
int exists = 0;
+ strbuf_setlen(path, path_baselen);
+ strbuf_setlen(template, template_baselen);
+
if (de->d_name[0] == '.')
continue;
- namelen = strlen(de->d_name);
- if ((PATH_MAX <= baselen + namelen) ||
- (PATH_MAX <= template_baselen + namelen))
- die(_("insanely long template name %s"), de->d_name);
- memcpy(path + baselen, de->d_name, namelen+1);
- memcpy(template + template_baselen, de->d_name, namelen+1);
- if (lstat(path, &st_git)) {
+ strbuf_addstr(path, de->d_name);
+ strbuf_addstr(template, de->d_name);
+ if (lstat(path->buf, &st_git)) {
if (errno != ENOENT)
- die_errno(_("cannot stat '%s'"), path);
+ die_errno(_("cannot stat '%s'"), path->buf);
}
else
exists = 1;
- if (lstat(template, &st_template))
- die_errno(_("cannot stat template '%s'"), template);
+ if (lstat(template->buf, &st_template))
+ die_errno(_("cannot stat template '%s'"), template->buf);
if (S_ISDIR(st_template.st_mode)) {
- DIR *subdir = opendir(template);
- int baselen_sub = baselen + namelen;
- int template_baselen_sub = template_baselen + namelen;
+ DIR *subdir = opendir(template->buf);
if (!subdir)
- die_errno(_("cannot opendir '%s'"), template);
- path[baselen_sub++] =
- template[template_baselen_sub++] = '/';
- path[baselen_sub] =
- template[template_baselen_sub] = 0;
- copy_templates_1(path, baselen_sub,
- template, template_baselen_sub,
- subdir);
+ die_errno(_("cannot opendir '%s'"), template->buf);
+ strbuf_addch(path, '/');
+ strbuf_addch(template, '/');
+ copy_templates_1(path, template, subdir);
closedir(subdir);
}
else if (exists)
continue;
else if (S_ISLNK(st_template.st_mode)) {
- char lnk[256];
- int len;
- len = readlink(template, lnk, sizeof(lnk));
- if (len < 0)
- die_errno(_("cannot readlink '%s'"), template);
- if (sizeof(lnk) <= len)
- die(_("insanely long symlink %s"), template);
- lnk[len] = 0;
- if (symlink(lnk, path))
- die_errno(_("cannot symlink '%s' '%s'"), lnk, path);
+ struct strbuf lnk = STRBUF_INIT;
+ if (strbuf_readlink(&lnk, template->buf, 0) < 0)
+ die_errno(_("cannot readlink '%s'"), template->buf);
+ if (symlink(lnk.buf, path->buf))
+ die_errno(_("cannot symlink '%s' '%s'"),
+ lnk.buf, path->buf);
+ strbuf_release(&lnk);
}
else if (S_ISREG(st_template.st_mode)) {
- if (copy_file(path, template, st_template.st_mode))
- die_errno(_("cannot copy '%s' to '%s'"), template,
- path);
+ if (copy_file(path->buf, template->buf, st_template.st_mode))
+ die_errno(_("cannot copy '%s' to '%s'"),
+ template->buf, path->buf);
}
else
- error(_("ignoring template %s"), template);
+ error(_("ignoring template %s"), template->buf);
}
}
static void copy_templates(const char *template_dir)
{
- char path[PATH_MAX];
- char template_path[PATH_MAX];
- int template_len;
+ struct strbuf path = STRBUF_INIT;
+ struct strbuf template_path = STRBUF_INIT;
+ size_t template_len;
DIR *dir;
- const char *git_dir = get_git_dir();
- int len = strlen(git_dir);
char *to_free = NULL;
if (!template_dir)
@@ -132,26 +120,23 @@ static void copy_templates(const char *template_dir)
free(to_free);
return;
}
- template_len = strlen(template_dir);
- if (PATH_MAX <= (template_len+strlen("/config")))
- die(_("insanely long template path %s"), template_dir);
- strcpy(template_path, template_dir);
- if (template_path[template_len-1] != '/') {
- template_path[template_len++] = '/';
- template_path[template_len] = 0;
- }
- dir = opendir(template_path);
+
+ strbuf_addstr(&template_path, template_dir);
+ strbuf_complete(&template_path, '/');
+ template_len = template_path.len;
+
+ dir = opendir(template_path.buf);
if (!dir) {
warning(_("templates not found %s"), template_dir);
goto free_return;
}
/* Make sure that template is from the correct vintage */
- strcpy(template_path + template_len, "config");
+ strbuf_addstr(&template_path, "config");
repository_format_version = 0;
git_config_from_file(check_repository_format_version,
- template_path, NULL);
- template_path[template_len] = 0;
+ template_path.buf, NULL);
+ strbuf_setlen(&template_path, template_len);
if (repository_format_version &&
repository_format_version != GIT_REPO_VERSION) {
@@ -162,17 +147,15 @@ static void copy_templates(const char *template_dir)
goto close_free_return;
}
- memcpy(path, git_dir, len);
- if (len && path[len - 1] != '/')
- path[len++] = '/';
- path[len] = 0;
- copy_templates_1(path, len,
- template_path, template_len,
- dir);
+ strbuf_addstr(&path, get_git_dir());
+ strbuf_complete(&path, '/');
+ copy_templates_1(&path, &template_path, dir);
close_free_return:
closedir(dir);
free_return:
free(to_free);
+ strbuf_release(&path);
+ strbuf_release(&template_path);
}
static int git_init_db_config(const char *k, const char *v, void *cb)
@@ -199,28 +182,20 @@ static int needs_work_tree_config(const char *git_dir, const char *work_tree)
static int create_default_files(const char *template_path)
{
- const char *git_dir = get_git_dir();
- unsigned len = strlen(git_dir);
- static char path[PATH_MAX];
struct stat st1;
+ struct strbuf buf = STRBUF_INIT;
+ char *path;
char repo_version_string[10];
char junk[2];
int reinit;
int filemode;
- if (len > sizeof(path)-50)
- die(_("insane git directory %s"), git_dir);
- memcpy(path, git_dir, len);
-
- if (len && path[len-1] != '/')
- path[len++] = '/';
-
/*
* Create .git/refs/{heads,tags}
*/
- safe_create_dir(git_path("refs"), 1);
- safe_create_dir(git_path("refs/heads"), 1);
- safe_create_dir(git_path("refs/tags"), 1);
+ safe_create_dir(git_path_buf(&buf, "refs"), 1);
+ safe_create_dir(git_path_buf(&buf, "refs/heads"), 1);
+ safe_create_dir(git_path_buf(&buf, "refs/tags"), 1);
/* Just look for `init.templatedir` */
git_config(git_init_db_config, NULL);
@@ -244,16 +219,16 @@ static int create_default_files(const char *template_path)
*/
if (shared_repository) {
adjust_shared_perm(get_git_dir());
- adjust_shared_perm(git_path("refs"));
- adjust_shared_perm(git_path("refs/heads"));
- adjust_shared_perm(git_path("refs/tags"));
+ adjust_shared_perm(git_path_buf(&buf, "refs"));
+ adjust_shared_perm(git_path_buf(&buf, "refs/heads"));
+ adjust_shared_perm(git_path_buf(&buf, "refs/tags"));
}
/*
* Create the default symlink from ".git/HEAD" to the "master"
* branch, if it does not exist yet.
*/
- strcpy(path + len, "HEAD");
+ path = git_path_buf(&buf, "HEAD");
reinit = (!access(path, R_OK)
|| readlink(path, junk, sizeof(junk)-1) != -1);
if (!reinit) {
@@ -266,10 +241,8 @@ static int create_default_files(const char *template_path)
"%d", GIT_REPO_VERSION);
git_config_set("core.repositoryformatversion", repo_version_string);
- path[len] = 0;
- strcpy(path + len, "config");
-
/* Check filemode trustability */
+ path = git_path_buf(&buf, "config");
filemode = TEST_FILEMODE;
if (TEST_FILEMODE && !lstat(path, &st1)) {
struct stat st2;
@@ -290,14 +263,13 @@ static int create_default_files(const char *template_path)
/* allow template config file to override the default */
if (log_all_ref_updates == -1)
git_config_set("core.logallrefupdates", "true");
- if (needs_work_tree_config(git_dir, work_tree))
+ if (needs_work_tree_config(get_git_dir(), work_tree))
git_config_set("core.worktree", work_tree);
}
if (!reinit) {
/* Check if symlink is supported in the work tree */
- path[len] = 0;
- strcpy(path + len, "tXXXXXX");
+ path = git_path_buf(&buf, "tXXXXXX");
if (!close(xmkstemp(path)) &&
!unlink(path) &&
!symlink("testing", path) &&
@@ -308,31 +280,35 @@ static int create_default_files(const char *template_path)
git_config_set("core.symlinks", "false");
/* Check if the filesystem is case-insensitive */
- path[len] = 0;
- strcpy(path + len, "CoNfIg");
+ path = git_path_buf(&buf, "CoNfIg");
if (!access(path, F_OK))
git_config_set("core.ignorecase", "true");
probe_utf8_pathname_composition();
}
+ strbuf_release(&buf);
return reinit;
}
static void create_object_directory(void)
{
- const char *object_directory = get_object_directory();
- int len = strlen(object_directory);
- char *path = xmalloc(len + 40);
+ struct strbuf path = STRBUF_INIT;
+ size_t baselen;
+
+ strbuf_addstr(&path, get_object_directory());
+ baselen = path.len;
+
+ safe_create_dir(path.buf, 1);
- memcpy(path, object_directory, len);
+ strbuf_setlen(&path, baselen);
+ strbuf_addstr(&path, "/pack");
+ safe_create_dir(path.buf, 1);
- safe_create_dir(object_directory, 1);
- strcpy(path+len, "/pack");
- safe_create_dir(path, 1);
- strcpy(path+len, "/info");
- safe_create_dir(path, 1);
+ strbuf_setlen(&path, baselen);
+ strbuf_addstr(&path, "/info");
+ safe_create_dir(path.buf, 1);
- free(path);
+ strbuf_release(&path);
}
int set_git_dir_init(const char *git_dir, const char *real_git_dir,
diff --git a/t/t0001-init.sh b/t/t0001-init.sh
index 7de8d85..f91bbcf 100755
--- a/t/t0001-init.sh
+++ b/t/t0001-init.sh
@@ -202,8 +202,8 @@ test_expect_success 'init honors global core.sharedRepository' '
x$(git config -f shared-honor-global/.git/config core.sharedRepository)
'
-test_expect_success 'init rejects insanely long --template' '
- test_must_fail git init --template=$(printf "x%09999dx" 1) test
+test_expect_success 'init allows insanely long --template' '
+ git init --template=$(printf "x%09999dx" 1) test
'
test_expect_success 'init creates a new directory' '
--
2.6.0.455.ga3f9923
next prev parent reply other threads:[~2015-10-05 3:46 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-24 21:02 [PATCH v2 0/68] war on sprintf Jeff King
2015-09-24 21:02 ` [PATCH 01/68] show-branch: avoid segfault with --reflog of unborn branch Jeff King
2015-09-24 21:03 ` [PATCH 02/68] mailsplit: fix FILE* leak in split_maildir Jeff King
2015-09-24 21:03 ` [PATCH 03/68] archive-tar: fix minor indentation violation Jeff King
2015-09-24 21:05 ` [PATCH 04/68] fsck: don't fsck alternates for connectivity-only check Jeff King
2015-09-24 21:05 ` [PATCH 05/68] add xsnprintf helper function Jeff King
2015-09-24 21:05 ` [PATCH 06/68] add git_path_buf " Jeff King
2015-09-24 21:05 ` [PATCH 07/68] strbuf: make strbuf_complete_line more generic Jeff King
2015-09-24 21:05 ` [PATCH 08/68] add reentrant variants of sha1_to_hex and find_unique_abbrev Jeff King
2015-09-24 21:05 ` [PATCH 09/68] fsck: use strbuf to generate alternate directories Jeff King
2015-09-24 21:05 ` [PATCH 10/68] mailsplit: make PATH_MAX buffers dynamic Jeff King
2015-09-24 21:05 ` [PATCH 11/68] trace: use strbuf for quote_crnl output Jeff King
2015-09-24 21:05 ` [PATCH 12/68] progress: store throughput display in a strbuf Jeff King
2015-09-24 21:06 ` [PATCH 13/68] test-dump-cache-tree: avoid overflow of cache-tree name Jeff King
2015-09-24 21:06 ` [PATCH 14/68] compat/inet_ntop: fix off-by-one in inet_ntop4 Jeff King
2015-09-24 21:06 ` [PATCH 15/68] convert trivial sprintf / strcpy calls to xsnprintf Jeff King
2015-09-24 21:06 ` [PATCH 16/68] archive-tar: use xsnprintf for trivial formatting Jeff King
2015-09-24 21:06 ` [PATCH 17/68] use xsnprintf for generating git object headers Jeff King
2015-09-24 21:06 ` [PATCH 18/68] find_short_object_filename: convert sprintf to xsnprintf Jeff King
2015-09-24 21:06 ` [PATCH 19/68] stop_progress_msg: " Jeff King
2015-09-24 21:06 ` [PATCH 20/68] compat/hstrerror: convert sprintf to snprintf Jeff King
2015-09-24 21:06 ` [PATCH 21/68] grep: use xsnprintf to format failure message Jeff King
2015-09-24 21:06 ` [PATCH 22/68] entry.c: convert strcpy to xsnprintf Jeff King
2015-09-24 21:06 ` [PATCH 23/68] add_packed_git: convert strcpy into xsnprintf Jeff King
2015-09-24 21:06 ` [PATCH 24/68] http-push: replace strcat with xsnprintf Jeff King
2015-09-24 21:07 ` [PATCH 25/68] receive-pack: convert strncpy to xsnprintf Jeff King
2015-09-24 21:07 ` [PATCH 26/68] replace trivial malloc + sprintf / strcpy calls with xstrfmt Jeff King
2015-09-24 21:07 ` [PATCH 27/68] config: use xstrfmt in normalize_value Jeff King
2015-09-24 21:07 ` [PATCH 28/68] fetch: replace static buffer with xstrfmt Jeff King
2015-09-24 21:07 ` [PATCH 29/68] use strip_suffix and xstrfmt to replace suffix Jeff King
2015-09-24 21:07 ` [PATCH 30/68] ref-filter: drop sprintf and strcpy calls Jeff King
2015-09-24 21:07 ` [PATCH 31/68] help: drop prepend function in favor of xstrfmt Jeff King
2015-09-24 21:07 ` [PATCH 32/68] mailmap: replace strcpy with xstrdup Jeff King
2015-09-24 21:07 ` [PATCH 33/68] read_branches_file: simplify string handling Jeff King
2015-09-24 21:07 ` [PATCH 34/68] read_remotes_file: " Jeff King
2015-09-24 21:07 ` [PATCH 35/68] resolve_ref: use strbufs for internal buffers Jeff King
2015-09-24 21:07 ` [PATCH 36/68] upload-archive: convert sprintf to strbuf Jeff King
2015-09-24 21:07 ` [PATCH 37/68] remote-ext: simplify git pkt-line generation Jeff King
2015-09-24 21:07 ` [PATCH 38/68] http-push: use strbuf instead of fwrite_buffer Jeff King
2015-09-24 21:07 ` [PATCH 39/68] http-walker: store url in a strbuf Jeff King
2015-09-24 21:07 ` [PATCH 40/68] sha1_get_pack_name: use " Jeff King
2015-09-24 21:07 ` [PATCH 41/68] init: use strbufs to store paths Jeff King
2015-09-29 23:50 ` Michael Blume
2015-09-30 0:23 ` Jeff King
2015-09-30 20:00 ` Junio C Hamano
2015-10-01 2:51 ` Jeff King
2015-10-02 6:00 ` Torsten Bögershausen
2015-10-02 15:33 ` Jeff King
2015-10-03 5:58 ` Torsten Bögershausen
2015-10-03 16:54 ` Junio C Hamano
2015-10-03 21:12 ` Torsten Bögershausen
2015-10-04 3:37 ` Jeff King
2015-10-04 6:31 ` Torsten Bögershausen
2015-10-05 3:41 ` Jeff King
2015-10-05 3:43 ` [PATCH 1/3] precompose_utf8: drop unused variable Jeff King
2015-10-06 3:24 ` Torsten Bögershausen
2015-10-05 3:45 ` [PATCH 2/3] probe_utf8_pathname_composition: use internal strbuf Jeff King
2015-10-05 3:46 ` Jeff King [this message]
2015-09-24 21:07 ` [PATCH 42/68] apply: convert root string to strbuf Jeff King
2015-09-24 21:07 ` [PATCH 43/68] transport: use strbufs for status table "quickref" strings Jeff King
2015-09-24 21:07 ` [PATCH 44/68] merge-recursive: convert malloc / strcpy to strbuf Jeff King
2015-09-24 21:07 ` [PATCH 45/68] enter_repo: convert fixed-size buffers to strbufs Jeff King
2015-09-24 21:07 ` [PATCH 46/68] remove_leading_path: use a strbuf for internal storage Jeff King
2015-09-24 21:07 ` [PATCH 47/68] write_loose_object: convert to strbuf Jeff King
2015-09-24 21:07 ` [PATCH 48/68] diagnose_invalid_index_path: use strbuf to avoid strcpy/strcat Jeff King
2015-09-24 21:07 ` [PATCH 49/68] fetch-pack: use argv_array for index-pack / unpack-objects Jeff King
2015-09-24 21:07 ` [PATCH 50/68] http-push: use an argv_array for setup_revisions Jeff King
2015-09-24 21:07 ` [PATCH 51/68] stat_tracking_info: convert to argv_array Jeff King
2015-09-24 21:08 ` [PATCH 52/68] daemon: use cld->env_array when re-spawning Jeff King
2015-09-24 21:08 ` [PATCH 53/68] use sha1_to_hex_r() instead of strcpy Jeff King
2015-09-24 21:08 ` [PATCH 54/68] drop strcpy in favor of raw sha1_to_hex Jeff King
2015-09-24 23:42 ` Eric Sunshine
2015-09-25 1:36 ` Jeff King
2015-09-24 21:08 ` [PATCH 55/68] color: add overflow checks for parsing colors Jeff King
2015-09-24 21:08 ` [PATCH 56/68] use alloc_ref rather than hand-allocating "struct ref" Jeff King
2015-09-24 21:08 ` [PATCH 57/68] avoid sprintf and strcpy with flex arrays Jeff King
2015-09-24 21:08 ` [PATCH 58/68] receive-pack: simplify keep_arg computation Jeff King
2015-09-24 21:08 ` [PATCH 59/68] help: clean up kfmclient munging Jeff King
2015-09-24 21:08 ` [PATCH 60/68] prefer memcpy to strcpy Jeff King
2015-09-27 11:19 ` René Scharfe
2015-09-27 13:06 ` Torsten Bögershausen
2015-09-27 13:13 ` René Scharfe
2015-09-27 13:24 ` René Scharfe
2015-09-28 7:09 ` Rasmus Villemoes
2015-09-24 21:08 ` [PATCH 61/68] color: add color_set helper for copying raw colors Jeff King
2015-09-24 21:08 ` [PATCH 62/68] notes: document length of fanout path with a constant Jeff King
2015-09-24 21:08 ` [PATCH 63/68] convert strncpy to memcpy Jeff King
2015-09-24 21:08 ` [PATCH 64/68] fsck: drop inode-sorting code Jeff King
2015-09-24 21:08 ` [PATCH 65/68] Makefile: drop D_INO_IN_DIRENT build knob Jeff King
2015-09-24 21:08 ` [PATCH 66/68] fsck: use for_each_loose_file_in_objdir Jeff King
2015-09-26 3:36 ` Jeff King
2015-09-24 21:08 ` [PATCH 67/68] use strbuf_complete to conditionally append slash Jeff King
2015-09-24 21:08 ` [PATCH 68/68] name-rev: use strip_suffix to avoid magic numbers Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151005034604.GC25502@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=blume.mike@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=tboegi@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).