attr.c: move ATTR_MAX_FILE_SIZE check into read_attr_from_buf()
Commit3c50032ff5(attr: ignore overly large gitattributes files, 2022-12-01) added a defense-in-depth check to ensure that .gitattributes blobs read from the index do not exceed ATTR_MAX_FILE_SIZE (100 MB). But there were two cases added shortly after3c50032ff5was written which do not apply similar protections: -47cfc9bd7d(attr: add flag `--source` to work with tree-ish, 2023-01-14) -4723ae1007(attr.c: read attributes in a sparse directory, 2023-08-11) added a similar Ensure that we refuse to process a .gitattributes blob exceeding ATTR_MAX_FILE_SIZE when reading from either an arbitrary tree object or a sparse directory. This is done by pushing the ATTR_MAX_FILE_SIZE check down into the low-level `read_attr_from_buf()`. In doing so, plug a leak in `read_attr_from_index()` where we would accidentally leak the large buffer upon detecting it is too large to process. (Since `read_attr_from_buf()` handles a NULL buffer input, we can remove a NULL check before calling it in `read_attr_from_index()` as well). Co-authored-by: Jeff King <peff@peff.net> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Taylor Blau <me@ttaylorr.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Taylor Blau
committed by
Junio C Hamano
Junio C Hamano
parent
3c2a3fdc38
commit
c793f9cb08
19
attr.c
19
attr.c
@ -765,8 +765,8 @@ static struct attr_stack *read_attr_from_file(const char *path, unsigned flags)
|
||||
return res;
|
||||
}
|
||||
|
||||
static struct attr_stack *read_attr_from_buf(char *buf, const char *path,
|
||||
unsigned flags)
|
||||
static struct attr_stack *read_attr_from_buf(char *buf, size_t length,
|
||||
const char *path, unsigned flags)
|
||||
{
|
||||
struct attr_stack *res;
|
||||
char *sp;
|
||||
@ -774,6 +774,11 @@ static struct attr_stack *read_attr_from_buf(char *buf, const char *path,
|
||||
|
||||
if (!buf)
|
||||
return NULL;
|
||||
if (length >= ATTR_MAX_FILE_SIZE) {
|
||||
warning(_("ignoring overly large gitattributes blob '%s'"), path);
|
||||
free(buf);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
CALLOC_ARRAY(res, 1);
|
||||
for (sp = buf; *sp;) {
|
||||
@ -813,7 +818,7 @@ static struct attr_stack *read_attr_from_blob(struct index_state *istate,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return read_attr_from_buf(buf, path, flags);
|
||||
return read_attr_from_buf(buf, sz, path, flags);
|
||||
}
|
||||
|
||||
static struct attr_stack *read_attr_from_index(struct index_state *istate,
|
||||
@ -860,13 +865,7 @@ static struct attr_stack *read_attr_from_index(struct index_state *istate,
|
||||
stack = read_attr_from_blob(istate, &istate->cache[sparse_dir_pos]->oid, relative_path, flags);
|
||||
} else {
|
||||
buf = read_blob_data_from_index(istate, path, &size);
|
||||
if (!buf)
|
||||
return NULL;
|
||||
if (size >= ATTR_MAX_FILE_SIZE) {
|
||||
warning(_("ignoring overly large gitattributes blob '%s'"), path);
|
||||
return NULL;
|
||||
}
|
||||
stack = read_attr_from_buf(buf, path, flags);
|
||||
stack = read_attr_from_buf(buf, size, path, flags);
|
||||
}
|
||||
return stack;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user