diff options
| author | Taylor Blau <me@ttaylorr.com> | 2022-10-06 17:42:55 -0400 |
|---|---|---|
| committer | Taylor Blau <me@ttaylorr.com> | 2022-10-06 17:42:55 -0400 |
| commit | 478a426f14b92cef92fc09df442b356a53f6fa8f (patch) | |
| tree | 1f2dcc827b46b148cc2305f48f35bb233d437fa7 /shell.c | |
| parent | f2eed22852b0a21556f0c9f56732913eba553e62 (diff) | |
| parent | 7800e1dccf622ba8d490b4c1c92af734be6242ff (diff) | |
| download | git-478a426f14b92cef92fc09df442b356a53f6fa8f.tar.gz | |
Sync with 2.33.5
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Diffstat (limited to 'shell.c')
| -rw-r--r-- | shell.c | 34 |
1 files changed, 30 insertions, 4 deletions
@@ -47,6 +47,8 @@ static void cd_to_homedir(void) die("could not chdir to user's home directory"); } +#define MAX_INTERACTIVE_COMMAND (4*1024*1024) + static void run_shell(void) { int done = 0; @@ -67,22 +69,46 @@ static void run_shell(void) run_command_v_opt(help_argv, RUN_SILENT_EXEC_FAILURE); do { - struct strbuf line = STRBUF_INIT; const char *prog; char *full_cmd; char *rawargs; + size_t len; char *split_args; const char **argv; int code; int count; fprintf(stderr, "git> "); - if (git_read_line_interactively(&line) == EOF) { + + /* + * Avoid using a strbuf or git_read_line_interactively() here. + * We don't want to allocate arbitrary amounts of memory on + * behalf of a possibly untrusted client, and we're subject to + * OS limits on command length anyway. + */ + fflush(stdout); + rawargs = xmalloc(MAX_INTERACTIVE_COMMAND); + if (!fgets(rawargs, MAX_INTERACTIVE_COMMAND, stdin)) { fprintf(stderr, "\n"); - strbuf_release(&line); + free(rawargs); break; } - rawargs = strbuf_detach(&line, NULL); + len = strlen(rawargs); + + /* + * If we truncated due to our input buffer size, reject the + * command. That's better than running bogus input, and + * there's a good chance it's just malicious garbage anyway. + */ + if (len >= MAX_INTERACTIVE_COMMAND - 1) + die("invalid command format: input too long"); + + if (len > 0 && rawargs[len - 1] == '\n') { + if (--len > 0 && rawargs[len - 1] == '\r') + --len; + rawargs[len] = '\0'; + } + split_args = xstrdup(rawargs); count = split_cmdline(split_args, &argv); if (count < 0) { |