'[PATCH] git-remote: do not use user input in a printf format string'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       git
Subject:    [PATCH] git-remote: do not use user input in a printf format string
From:       Johannes Sixt <johannes.sixt () telecom ! at>
Date:       2008-09-22 11:03:25
Message-ID: 1222081405-12113-1-git-send-email-johannes.sixt () telecom ! at
[Download RAW message or body]

'git remote show' substituted the remote name into a string that was later
used as a printf format string. If a remote name contains a printf format
specifier like this:

   $ git remote add foo%sbar .

then the command

   $ git remote show foo%sbar

would print garbage (if you are lucky) or crash. This fixes it.

Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
---
 builtin-remote.c |   17 ++++++++---------
 1 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/builtin-remote.c b/builtin-remote.c
index 01945a8..890a680 100644
--- a/builtin-remote.c
+++ b/builtin-remote.c
@@ -407,14 +407,15 @@ static int rm(int argc, const char **argv)
 	return i;
 }
 
-static void show_list(const char *title, struct string_list *list)
+static void show_list(const char *title, struct string_list *list,
+		      const char *extra_arg)
 {
 	int i;
 
 	if (!list->nr)
 		return;
 
-	printf(title, list->nr > 1 ? "es" : "");
+	printf(title, list->nr > 1 ? "es" : "", extra_arg);
 	printf("\n    ");
 	for (i = 0; i < list->nr; i++)
 		printf("%s%s", i ? " " : "", list->items[i].string);
@@ -503,18 +504,16 @@ static int show(int argc, const char **argv)
 		}
 
 		if (!no_query) {
-			strbuf_init(&buf, 0);
-			strbuf_addf(&buf, "  New remote branch%%s (next fetch "
-				"will store in remotes/%s)", states.remote->name);
-			show_list(buf.buf, &states.new);
-			strbuf_release(&buf);
+			show_list("  New remote branch%s (next fetch "
+				"will store in remotes/%s)",
+				&states.new, states.remote->name);
 			show_list("  Stale tracking branch%s (use 'git remote "
-				"prune')", &states.stale);
+				"prune')", &states.stale, "");
 		}
 
 		if (no_query)
 			for_each_ref(append_ref_to_tracked_list, &states);
-		show_list("  Tracked remote branch%s", &states.tracked);
+		show_list("  Tracked remote branch%s", &states.tracked, "");
 
 		if (states.remote->push_refspec_nr) {
 			printf("  Local branch%s pushed with 'git push'\n   ",
-- 
1.6.0.1.281.g8a3c6

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic