From: Jeff King <peff@peff.net>
To: "René Scharfe" <l.s.r@web.de>
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Keegan Carruthers-Smith" <keegan.csmith@gmail.com>,
git@vger.kernel.org
Subject: Re: git archive generates tar with malformed pax extended attribute
Date: Tue, 28 May 2019 01:44:35 -0400 [thread overview]
Message-ID: <20190528054434.GA7946@sigill.intra.peff.net> (raw)
In-Reply-To: <2b52ca7b-bb72-193a-9d6b-83003ce49424@web.de>
On Sun, May 26, 2019 at 11:33:20PM +0200, René Scharfe wrote:
> Git archive writes link targets that are 100 characters long or less
> into the appropriate field in the plain tar header. It copies
> everything, including NULs, but unlike a PAX extended header that field
> lacks a length indicator, so extractors basically have to treat it as
> NUL-terminated.
>
> If we want to preserve NUL in short link targets as well, we'd have to
> put such names into an PAX extended header..
I can't say that I care much either way, since putting NULs in your
filenames is pretty crazy. But that would at least make things
consistent regardless of the length.
I also wondered if you could play any security tricks here (e.g., by
having one tool view a filename as "foo" and another as "foo\0bar"). I
doubt it, though. Filenames themselves in Git are always
NUL-terminated, since that's dictated the tree format; so this is really
just about link destinations.
And even then, it's hard to imagine a case. I was wondering if you could
have an entry ".git\0foo" that ends up written to the filesystem as
".git". But these are tar archives we're talking about, so it's not like
you couldn't just put ".git" in a tar file in the first place.
But maybe somebody else can brainstorm something more evil. :)
-Peff
next prev parent reply other threads:[~2019-05-28 5:44 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-24 6:45 git archive generates tar with malformed pax extended attribute Keegan Carruthers-Smith
2019-05-24 7:06 ` Jeff King
2019-05-24 7:35 ` Keegan Carruthers-Smith
2019-05-24 8:13 ` Jeff King
2019-05-25 13:26 ` René Scharfe
2019-05-25 13:46 ` Andreas Schwab
2019-05-25 21:07 ` Ævar Arnfjörð Bjarmason
2019-05-26 21:33 ` René Scharfe
2019-05-28 5:44 ` Jeff King [this message]
2019-05-28 5:58 ` Jeff King
2019-05-28 18:01 ` René Scharfe
2019-05-28 19:08 ` Jeff King
2019-05-28 23:34 ` René Scharfe
2019-05-29 1:17 ` Jeff King
2019-05-29 17:54 ` René Scharfe
2019-05-30 11:55 ` Jeff King
2019-06-02 16:58 ` René Scharfe
2019-06-04 20:53 ` Jeff King
2019-05-27 5:11 ` Keegan Carruthers-Smith
2019-05-25 20:46 ` Ævar Arnfjörð Bjarmason
2019-05-25 21:19 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190528054434.GA7946@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=keegan.csmith@gmail.com \
--cc=l.s.r@web.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).