1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
From c6bd2a1decc252d823104f9849c87ec8484b18ea Mon Sep 17 00:00:00 2001
From: Jeff King <peff@peff.net>
Date: Thu, 11 Feb 2016 17:23:48 -0500
Subject: [PATCH] http-push: stop using name_path
The graph traversal code here passes along a name_path to
build up the pathname at which we find each blob. But we
never actually do anything with the resulting names, making
it a waste of code and memory.
This usage came in aa1dbc9 (Update http-push functionality,
2006-03-07), and originally the result was passed to
"add_object" (which stored it, but didn't really use it,
either). But we stopped using that function in 1f1e895 (Add
"named object array" concept, 2006-06-19) in favor of
storing just the objects themselves.
Moreover, the generation of the name in process_tree() is
buggy. It sticks "name" onto the end of the name_path linked
list, and then passes it down again as it recurses (instead
of "entry.path"). So it's a good thing this was unused, as
the resulting path for "a/b/c/d" would end up as "a/a/a/a".
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Upstream-Status: Backport
CVE: CVE-2016-2315 patch1
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
http-push.c | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/http-push.c b/http-push.c
index c98dad2..8341909 100644
--- a/http-push.c
+++ b/http-push.c
@@ -1276,9 +1276,7 @@ static struct object_list **add_one_object(struct object *obj, struct object_lis
}
static struct object_list **process_blob(struct blob *blob,
- struct object_list **p,
- struct name_path *path,
- const char *name)
+ struct object_list **p)
{
struct object *obj = &blob->object;
@@ -1292,14 +1290,11 @@ static struct object_list **process_blob(struct blob *blob,
}
static struct object_list **process_tree(struct tree *tree,
- struct object_list **p,
- struct name_path *path,
- const char *name)
+ struct object_list **p)
{
struct object *obj = &tree->object;
struct tree_desc desc;
struct name_entry entry;
- struct name_path me;
obj->flags |= LOCAL;
@@ -1309,21 +1304,17 @@ static struct object_list **process_tree(struct tree *tree,
die("bad tree object %s", sha1_to_hex(obj->sha1));
obj->flags |= SEEN;
- name = xstrdup(name);
p = add_one_object(obj, p);
- me.up = path;
- me.elem = name;
- me.elem_len = strlen(name);
init_tree_desc(&desc, tree->buffer, tree->size);
while (tree_entry(&desc, &entry))
switch (object_type(entry.mode)) {
case OBJ_TREE:
- p = process_tree(lookup_tree(entry.sha1), p, &me, name);
+ p = process_tree(lookup_tree(entry.sha1), p);
break;
case OBJ_BLOB:
- p = process_blob(lookup_blob(entry.sha1), p, &me, name);
+ p = process_blob(lookup_blob(entry.sha1), p);
break;
default:
/* Subproject commit - not in this repository */
@@ -1342,7 +1333,7 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock)
int count = 0;
while ((commit = get_revision(revs)) != NULL) {
- p = process_tree(commit->tree, p, NULL, "");
+ p = process_tree(commit->tree, p);
commit->object.flags |= LOCAL;
if (!(commit->object.flags & UNINTERESTING))
count += add_send_request(&commit->object, lock);
@@ -1361,11 +1352,11 @@ static int get_delta(struct rev_info *revs, struct remote_lock *lock)
continue;
}
if (obj->type == OBJ_TREE) {
- p = process_tree((struct tree *)obj, p, NULL, name);
+ p = process_tree((struct tree *)obj, p);
continue;
}
if (obj->type == OBJ_BLOB) {
- p = process_blob((struct blob *)obj, p, NULL, name);
+ p = process_blob((struct blob *)obj, p);
continue;
}
die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name);
--
2.7.4
|
