mirror of
https://github.com/git/git.git
synced 2024-11-30 21:44:02 +08:00
sequencer.c: fix overflow & segfault in parse_strategy_opts()
The split_cmdline() function introduced in [1] returns an "int". If it's negative it signifies an error. The option parsing in [2] didn't account for this, and assigned the value directly to the "size_t xopts_nr". We'd then attempt to loop over all of these elements, and access uninitialized memory. There's a few things that use this for option parsing, but one way to trigger it is with a bad value to "-X <strategy-option>", e.g: git rebase -X"bad argument\"" In another context this might be a security issue, but in this case someone who's already able to inject arguments directly to our commands would be past other defenses, making this potential escalation a moot point. As the example above & test case shows the error reporting leaves something to be desired. The function will loop over the whitespace-split values, but when it encounters an error we'll only report the first element, which is OK, not the second "argument\"" whose quote is unbalanced. This is an inherent limitation of the current API, and the issue affects other API users. Let's not attempt to fix that now. If and when that happens these tests will need to be adjusted to assert the new output. 1.2b11e3170e
(If you have a config containing something like this:, 2006-06-05) 2.ca6c6b45dd
(sequencer (rebase -i): respect strategy/strategy_opts settings, 2017-01-02) Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
768bb238c4
commit
15a4cc912e
@ -2876,13 +2876,18 @@ static int populate_opts_cb(const char *key, const char *value, void *data)
|
||||
void parse_strategy_opts(struct replay_opts *opts, char *raw_opts)
|
||||
{
|
||||
int i;
|
||||
int count;
|
||||
char *strategy_opts_string = raw_opts;
|
||||
|
||||
if (*strategy_opts_string == ' ')
|
||||
strategy_opts_string++;
|
||||
|
||||
opts->xopts_nr = split_cmdline(strategy_opts_string,
|
||||
(const char ***)&opts->xopts);
|
||||
count = split_cmdline(strategy_opts_string,
|
||||
(const char ***)&opts->xopts);
|
||||
if (count < 0)
|
||||
die(_("could not split '%s': %s"), strategy_opts_string,
|
||||
split_cmdline_strerror(count));
|
||||
opts->xopts_nr = count;
|
||||
for (i = 0; i < opts->xopts_nr; i++) {
|
||||
const char *arg = opts->xopts[i];
|
||||
|
||||
|
@ -40,6 +40,24 @@ test_expect_success 'setup' '
|
||||
EOF
|
||||
'
|
||||
|
||||
test_expect_success 'bad -X <strategy-option> arguments: unclosed quote' '
|
||||
cat >expect <<-\EOF &&
|
||||
fatal: could not split '\''--bad'\'': unclosed quote
|
||||
EOF
|
||||
test_expect_code 128 git rebase -X"bad argument\"" side main >out 2>actual &&
|
||||
test_must_be_empty out &&
|
||||
test_cmp expect actual
|
||||
'
|
||||
|
||||
test_expect_success 'bad -X <strategy-option> arguments: bad escape' '
|
||||
cat >expect <<-\EOF &&
|
||||
fatal: could not split '\''--bad'\'': cmdline ends with \
|
||||
EOF
|
||||
test_expect_code 128 git rebase -X"bad escape \\" side main >out 2>actual &&
|
||||
test_must_be_empty out &&
|
||||
test_cmp expect actual
|
||||
'
|
||||
|
||||
test_expect_success '--ignore-whitespace works with apply backend' '
|
||||
test_must_fail git rebase --apply main side &&
|
||||
git rebase --abort &&
|
||||
|
Loading…
Reference in New Issue
Block a user