Fix a memory leak in "connect.c" and die if command too long.

Use "add_to_string" instead of "sq_quote" and "snprintf", so that there is no memory allocation and no memory leak. Also check if the command is too long to fit into the buffer and die if this is the case, instead of truncating it to the buffer size. Signed-off-by: N Christian Couder <chriscool@tuxfamily.org> Signed-off-by: N Junio C Hamano <junkio@cox.net>

Fix a memory leak in "connect.c" and die if command too long.
Use "add_to_string" instead of "sq_quote" and "snprintf", so that there is no memory allocation and no memory leak. Also check if the command is too long to fit into the buffer and die if this is the case, instead of truncating it to the buffer size. Signed-off-by: N Christian Couder <chriscool@tuxfamily.org> Signed-off-by: N Junio C Hamano <junkio@cox.net>
0f503d77 · Christian Couder · Junio C Hamano · 86257aa3 · 0f503d77
隐藏空白更改
内联并排

Showing with 14 addition and 3 deletion

connect.c connect.c +14 -3

未找到文件。
--- a/connect.c
+++ b/connect.c
@@ -599,12 +599,13 @@ static void git_proxy_connect(int fd[2], char *host)
 	close(pipefd[1][0]);
 }

+#define MAX_CMD_LEN 1024
+
 /*
 * Yeah, yeah, fixme. Need to pass in the heads etc.
 */
 int git_connect(int fd[2], char *url, const char *prog)
 {
-	char command[1024];
 	char *host, *path = url;
 	char *end;
 	int c;
@@ -697,8 +698,18 @@ int git_connect(int fd[2], char *url, const char *prog)
 	if (pid < 0)
 		die("unable to fork");
 	if (!pid) {
-		snprintf(command, sizeof(command), "%s %s", prog,
-			 sq_quote(path));
+		char command[MAX_CMD_LEN];
+		char *posn = command;
+		int size = MAX_CMD_LEN;
+		int of = 0;
+
+		of |= add_to_string(&posn, &size, prog, 0);
+		of |= add_to_string(&posn, &size, " ", 0);
+		of |= add_to_string(&posn, &size, path, 1);
+
+		if (of)
+			die("command line too long");
+
 		dup2(pipefd[1][0], 0);
 		dup2(pipefd[0][1], 1);
 		close(pipefd[0][0]);