Commits

Junio C Hamano  committed c807f77

Fix minor DOS in rev-list.

A carefully crafted pathname can be used to disrupt downstream git-pack-objects
that uses 'git-rev-list --objects' output. Prevent this.

Signed-off-by: Junio C Hamano <junkio@cox.net>

  • Participants
  • Parent commits 91dd674

Comments (0)

Files changed (1)

 		die("unknown pending object %s (%s)", sha1_to_hex(obj->sha1), name);
 	}
 	while (objects) {
-		printf("%s %s\n", sha1_to_hex(objects->item->sha1), objects->name);
+		/* An object with name "foo\n0000000000000000000000000000000000000000"
+		 * can be used confuse downstream git-pack-objects very badly.
+		 */
+		const char *ep = strchr(objects->name, '\n');
+		if (ep) {
+			printf("%s %.*s\n", sha1_to_hex(objects->item->sha1),
+			       (int) (ep - objects->name),
+			       objects->name);
+		}
+		else
+			printf("%s %s\n", sha1_to_hex(objects->item->sha1), objects->name);
 		objects = objects->next;
 	}
 }