diff options
author | Armin Kuster <akuster@mvista.com> | 2016-09-17 15:22:39 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-23 23:21:43 +0100 |
commit | 64ff6226d0c927c05fc42fd9ca8b31bac129b16d (patch) | |
tree | 053b97b1faac660044f6c9a86670a30cd7e52e52 /meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch | |
parent | 91e05c25eb221ff1dc2bde5cfaa0bea88345b1e4 (diff) | |
download | openembedded-core-64ff6226d0c927c05fc42fd9ca8b31bac129b16d.tar.gz |
git: Security fix CVE-2016-2315 CVE-2016-2324
git versions < 2.5.5 & 2.7.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
Diffstat (limited to 'meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch')
-rw-r--r-- | meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch new file mode 100644 index 0000000000..35aded049d --- /dev/null +++ b/meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch @@ -0,0 +1,160 @@ +From f3badaed5106a16499d0fae31a382f9047b272d7 Mon Sep 17 00:00:00 2001 +From: Jeff King <peff@peff.net> +Date: Thu, 11 Feb 2016 17:26:18 -0500 +Subject: [PATCH] list-objects: convert name_path to a strbuf + +The "struct name_path" data is examined in only two places: +we generate it in process_tree(), and we convert it to a +single string in path_name(). Everyone else just passes it +through to those functions. + +We can further note that process_tree() already keeps a +single strbuf with the leading tree path, for use with +tree_entry_interesting(). + +Instead of building a separate name_path linked list, let's +just use the one we already build in "base". This reduces +the amount of code (especially tricky code in path_name() +which did not check for integer overflows caused by deep +or large pathnames). + +It is also more efficient in some instances. Any time we +were using tree_entry_interesting, we were building up the +strbuf anyway, so this is an immediate and obvious win +there. In cases where we were not, we trade off storing +"pathname/" in a strbuf on the heap for each level of the +path, instead of two pointers and an int on the stack (with +one pointer into the tree object). On a 64-bit system, the +latter is 20 bytes; so if path components are less than that +on average, this has lower peak memory usage. In practice +it probably doesn't matter either way; we are already +holding in memory all of the tree objects leading up to each +pathname, and for normal-depth pathnames, we are only +talking about hundreds of bytes. + +This patch leaves "struct name_path" as a thin wrapper +around the strbuf, to avoid disrupting callbacks. We should +fix them, but leaving it out makes this diff easier to view. + +Signed-off-by: Jeff King <peff@peff.net> +Signed-off-by: Junio C Hamano <gitster@pobox.com> + +Upstream-Status: Backport +CVE: CVE-2016-2315 patch3 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + list-objects.c | 22 +++++++++------------- + revision.c | 25 +++++-------------------- + revision.h | 4 +--- + 3 files changed, 15 insertions(+), 36 deletions(-) + +diff --git a/list-objects.c b/list-objects.c +index 41736d2..dc46b9a 100644 +--- a/list-objects.c ++++ b/list-objects.c +@@ -62,7 +62,6 @@ static void process_gitlink(struct rev_info *revs, + static void process_tree(struct rev_info *revs, + struct tree *tree, + show_object_fn show, +- struct name_path *path, + struct strbuf *base, + const char *name, + void *cb_data) +@@ -86,17 +85,14 @@ static void process_tree(struct rev_info *revs, + return; + die("bad tree object %s", sha1_to_hex(obj->sha1)); + } ++ + obj->flags |= SEEN; +- show(obj, path, name, cb_data); +- me.up = path; +- me.elem = name; +- me.elem_len = strlen(name); +- +- if (!match) { +- strbuf_addstr(base, name); +- if (base->len) +- strbuf_addch(base, '/'); +- } ++ me.base = base; ++ show(obj, &me, name, cb_data); ++ ++ strbuf_addstr(base, name); ++ if (base->len) ++ strbuf_addch(base, '/'); + + init_tree_desc(&desc, tree->buffer, tree->size); + +@@ -113,7 +109,7 @@ static void process_tree(struct rev_info *revs, + if (S_ISDIR(entry.mode)) + process_tree(revs, + lookup_tree(entry.sha1), +- show, &me, base, entry.path, ++ show, base, entry.path, + cb_data); + else if (S_ISGITLINK(entry.mode)) + process_gitlink(revs, entry.sha1, +@@ -220,7 +216,7 @@ void traverse_commit_list(struct rev_info *revs, + path = ""; + if (obj->type == OBJ_TREE) { + process_tree(revs, (struct tree *)obj, show_object, +- NULL, &base, path, data); ++ &base, path, data); + continue; + } + if (obj->type == OBJ_BLOB) { +diff --git a/revision.c b/revision.c +index cf544b6..f8c3034 100644 +--- a/revision.c ++++ b/revision.c +@@ -23,26 +23,11 @@ volatile show_early_output_fn_t show_early_output; + + char *path_name(const struct name_path *path, const char *name) + { +- const struct name_path *p; +- char *n, *m; +- int nlen = strlen(name); +- int len = nlen + 1; +- +- for (p = path; p; p = p->up) { +- if (p->elem_len) +- len += p->elem_len + 1; +- } +- n = xmalloc(len); +- m = n + len - (nlen + 1); +- strcpy(m, name); +- for (p = path; p; p = p->up) { +- if (p->elem_len) { +- m -= p->elem_len + 1; +- memcpy(m, p->elem, p->elem_len); +- m[p->elem_len] = '/'; +- } +- } +- return n; ++ struct strbuf ret = STRBUF_INIT; ++ if (path) ++ strbuf_addbuf(&ret, path->base); ++ strbuf_addstr(&ret, name); ++ return strbuf_detach(&ret, NULL); + } + + void show_object_with_name(FILE *out, struct object *obj, +diff --git a/revision.h b/revision.h +index 0ea8b4e..5e3c47c 100644 +--- a/revision.h ++++ b/revision.h +@@ -257,9 +257,7 @@ extern void mark_parents_uninteresting(struct commit *commit); + extern void mark_tree_uninteresting(struct tree *tree); + + struct name_path { +- struct name_path *up; +- int elem_len; +- const char *elem; ++ struct strbuf *base; + }; + + char *path_name(const struct name_path *path, const char *name); +-- +2.7.4 + |