From: Jeff King <peff@peff.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, "Rubén Justo" <rjusto@gmail.com>
Subject: [PATCH 07/11] config: use git_config_pathname_dup() in easy cases
Date: Sat, 6 Apr 2024 21:03:01 -0400 [thread overview]
Message-ID: <20240407010301.GG868358@coredump.intra.peff.net> (raw)
In-Reply-To: <20240407005656.GA436890@coredump.intra.peff.net>
As with the previous commit for git_config_string(), this fixes simple
cases where calling git_config_pathname() may leak if a config variable
is seen multiple times.
Signed-off-by: Jeff King <peff@peff.net>
---
I mostly split this out because the diff is big, but maybe it would make
sense squashed to share the rationale?
builtin/commit.c | 4 ++--
builtin/log.c | 4 ++--
config.c | 8 ++++----
diff.c | 4 ++--
environment.c | 6 +++---
environment.h | 6 +++---
gpg-interface.c | 6 +++---
mailmap.c | 2 +-
mailmap.h | 2 +-
9 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/builtin/commit.c b/builtin/commit.c
index 9b6546d401..693175e5c4 100644
--- a/builtin/commit.c
+++ b/builtin/commit.c
@@ -107,7 +107,7 @@ static enum {
} commit_style;
static const char *logfile, *force_author;
-static const char *template_file;
+static char *template_file;
/*
* The _message variables are commit names from which to take
* the commit message and/or authorship.
@@ -1626,7 +1626,7 @@ static int git_commit_config(const char *k, const char *v,
struct wt_status *s = cb;
if (!strcmp(k, "commit.template"))
- return git_config_pathname(&template_file, k, v);
+ return git_config_pathname_dup(&template_file, k, v);
if (!strcmp(k, "commit.status")) {
include_status = git_config_bool(k, v);
return 0;
diff --git a/builtin/log.c b/builtin/log.c
index eb336f7efb..3df261f94a 100644
--- a/builtin/log.c
+++ b/builtin/log.c
@@ -957,7 +957,7 @@ static int do_signoff;
static enum auto_base_setting auto_base;
static char *from;
static const char *signature = git_version_string;
-static const char *signature_file;
+static char *signature_file;
static enum cover_setting config_cover_letter;
static char *config_output_directory;
static enum cover_from_description cover_from_description_mode = COVER_FROM_MESSAGE;
@@ -1044,7 +1044,7 @@ static int git_format_config(const char *var, const char *value,
if (!strcmp(var, "format.signature"))
return git_config_string(&signature, var, value);
if (!strcmp(var, "format.signaturefile"))
- return git_config_pathname(&signature_file, var, value);
+ return git_config_pathname_dup(&signature_file, var, value);
if (!strcmp(var, "format.coverletter")) {
if (value && !strcasecmp(value, "auto")) {
config_cover_letter = COVER_AUTO;
diff --git a/config.c b/config.c
index 449b8f4f66..c2863d6514 100644
--- a/config.c
+++ b/config.c
@@ -1434,10 +1434,10 @@ static int git_default_core_config(const char *var, const char *value,
}
if (!strcmp(var, "core.attributesfile"))
- return git_config_pathname(&git_attributes_file, var, value);
+ return git_config_pathname_dup(&git_attributes_file, var, value);
if (!strcmp(var, "core.hookspath"))
- return git_config_pathname(&git_hooks_path, var, value);
+ return git_config_pathname_dup(&git_hooks_path, var, value);
if (!strcmp(var, "core.bare")) {
is_bare_repository_cfg = git_config_bool(var, value);
@@ -1601,7 +1601,7 @@ static int git_default_core_config(const char *var, const char *value,
return git_config_string_dup(&askpass_program, var, value);
if (!strcmp(var, "core.excludesfile"))
- return git_config_pathname(&excludes_file, var, value);
+ return git_config_pathname_dup(&excludes_file, var, value);
if (!strcmp(var, "core.whitespace")) {
if (!value)
@@ -1780,7 +1780,7 @@ static int git_default_push_config(const char *var, const char *value)
static int git_default_mailmap_config(const char *var, const char *value)
{
if (!strcmp(var, "mailmap.file"))
- return git_config_pathname(&git_mailmap_file, var, value);
+ return git_config_pathname_dup(&git_mailmap_file, var, value);
if (!strcmp(var, "mailmap.blob"))
return git_config_string_dup(&git_mailmap_blob, var, value);
diff --git a/diff.c b/diff.c
index bb00bc1110..6236746920 100644
--- a/diff.c
+++ b/diff.c
@@ -58,7 +58,7 @@ static int diff_context_default = 3;
static int diff_interhunk_context_default;
static char *diff_word_regex_cfg;
static char *external_diff_cmd_cfg;
-static const char *diff_order_file_cfg;
+static char *diff_order_file_cfg;
int diff_auto_refresh_index = 1;
static int diff_mnemonic_prefix;
static int diff_no_prefix;
@@ -433,7 +433,7 @@ int git_diff_ui_config(const char *var, const char *value,
if (!strcmp(var, "diff.wordregex"))
return git_config_string_dup(&diff_word_regex_cfg, var, value);
if (!strcmp(var, "diff.orderfile"))
- return git_config_pathname(&diff_order_file_cfg, var, value);
+ return git_config_pathname_dup(&diff_order_file_cfg, var, value);
if (!strcmp(var, "diff.ignoresubmodules")) {
if (!value)
diff --git a/environment.c b/environment.c
index 5e9fab4d1a..87123f902c 100644
--- a/environment.c
+++ b/environment.c
@@ -46,8 +46,8 @@ char *git_commit_encoding;
char *git_log_output_encoding;
char *apply_default_whitespace;
char *apply_default_ignorewhitespace;
-const char *git_attributes_file;
-const char *git_hooks_path;
+char *git_attributes_file;
+char *git_hooks_path;
int zlib_compression_level = Z_BEST_SPEED;
int pack_compression_level = Z_DEFAULT_COMPRESSION;
int fsync_object_files = -1;
@@ -60,7 +60,7 @@ size_t delta_base_cache_limit = 96 * 1024 * 1024;
unsigned long big_file_threshold = 512 * 1024 * 1024;
char *editor_program;
char *askpass_program;
-const char *excludes_file;
+char *excludes_file;
enum auto_crlf auto_crlf = AUTO_CRLF_FALSE;
enum eol core_eol = EOL_UNSET;
int global_conv_flags_eol = CONV_EOL_RNDTRP_WARN;
diff --git a/environment.h b/environment.h
index f06024a457..c33f101b24 100644
--- a/environment.h
+++ b/environment.h
@@ -124,8 +124,8 @@ extern int warn_ambiguous_refs;
extern int warn_on_object_refname_ambiguity;
extern char *apply_default_whitespace;
extern char *apply_default_ignorewhitespace;
-extern const char *git_attributes_file;
-extern const char *git_hooks_path;
+extern char *git_attributes_file;
+extern char *git_hooks_path;
extern int zlib_compression_level;
extern int pack_compression_level;
extern size_t packed_git_window_size;
@@ -222,7 +222,7 @@ extern char *git_log_output_encoding;
extern char *editor_program;
extern char *askpass_program;
-extern const char *excludes_file;
+extern char *excludes_file;
/*
* Should we print an ellipsis after an abbreviated SHA-1 value
diff --git a/gpg-interface.c b/gpg-interface.c
index 4b2f70ef44..d6e45ff09c 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -28,7 +28,7 @@ static void gpg_interface_lazy_init(void)
static char *configured_signing_key;
static char *ssh_default_key_command;
-static const char *ssh_allowed_signers, *ssh_revocation_file;
+static char *ssh_allowed_signers, *ssh_revocation_file;
static enum signature_trust_level configured_min_trust_level = TRUST_UNDEFINED;
struct gpg_format {
@@ -766,10 +766,10 @@ static int git_gpg_config(const char *var, const char *value,
return git_config_string_dup(&ssh_default_key_command, var, value);
if (!strcmp(var, "gpg.ssh.allowedsignersfile"))
- return git_config_pathname(&ssh_allowed_signers, var, value);
+ return git_config_pathname_dup(&ssh_allowed_signers, var, value);
if (!strcmp(var, "gpg.ssh.revocationfile"))
- return git_config_pathname(&ssh_revocation_file, var, value);
+ return git_config_pathname_dup(&ssh_revocation_file, var, value);
if (!strcmp(var, "gpg.program") || !strcmp(var, "gpg.openpgp.program"))
fmtname = "openpgp";
diff --git a/mailmap.c b/mailmap.c
index 9bd11c90e6..b2efe29b3d 100644
--- a/mailmap.c
+++ b/mailmap.c
@@ -6,7 +6,7 @@
#include "object-store-ll.h"
#include "setup.h"
-const char *git_mailmap_file;
+char *git_mailmap_file;
char *git_mailmap_blob;
struct mailmap_info {
diff --git a/mailmap.h b/mailmap.h
index a1bc019b52..cbda9bc5e0 100644
--- a/mailmap.h
+++ b/mailmap.h
@@ -3,7 +3,7 @@
struct string_list;
-extern const char *git_mailmap_file;
+extern char *git_mailmap_file;
extern char *git_mailmap_blob;
int read_mailmap(struct string_list *map);
--
2.44.0.872.g288abe5b5b
next prev parent reply other threads:[~2024-04-07 1:03 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-06 18:11 [PATCH] config: do not leak excludes_file Junio C Hamano
2024-04-06 19:17 ` [WIP] git_config_pathname() leakfix Junio C Hamano
2024-04-07 0:56 ` [PATCH 0/12] git_config_string() considered harmful Jeff King
2024-04-07 0:58 ` [PATCH 01/11] config: make sequencer.c's git_config_string_dup() public Jeff King
2024-04-07 1:00 ` [PATCH 02/11] config: add git_config_pathname_dup() Jeff King
2024-04-07 1:00 ` [PATCH 03/11] config: prefer git_config_string_dup() for temp variables Jeff King
2024-04-07 1:50 ` Eric Sunshine
2024-04-07 2:45 ` Jeff King
2024-04-07 1:01 ` [PATCH 04/11] config: use git_config_string_dup() for open-coded equivalents Jeff King
2024-04-07 1:01 ` [PATCH 05/11] config: use git_config_string_dup() to fix leaky open coding Jeff King
2024-04-07 1:02 ` [PATCH 06/11] config: use git_config_string() in easy cases Jeff King
2024-04-07 2:05 ` Eric Sunshine
2024-04-07 2:47 ` Jeff King
2024-04-07 1:03 ` Jeff King [this message]
2024-04-07 1:03 ` [PATCH 08/11] http: use git_config_string_dup() Jeff King
2024-04-07 1:04 ` [PATCH 09/11] merge: use git_config_string_dup() for pull strategies Jeff King
2024-04-07 1:04 ` [PATCH 10/11] userdiff: use git_config_string_dup() when we can Jeff King
2024-04-07 1:07 ` [PATCH 11/11] blame: use "dup" string_list for ignore-revs files Jeff King
2024-04-07 2:42 ` Eric Sunshine
2024-04-07 1:08 ` [PATCH 0/12] git_config_string() considered harmful Jeff King
2024-04-07 17:58 ` Rubén Justo
2024-04-08 20:55 ` Jeff King
2024-04-11 23:36 ` Rubén Justo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240407010301.GG868358@coredump.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=rjusto@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).