summaryrefslogtreecommitdiffstats
path: root/fsck.c
diff options
context:
space:
mode:
authorJonathan Nieder <jrnieder@gmail.com>2010-04-24 18:06:08 +0200
committerJunio C Hamano <gitster@pobox.com>2010-05-01 21:15:06 +0200
commitdaae19224a05be9efb9a39c2a2c1c9a60fe906f1 (patch)
tree0c42e685da0c4cddf132ebf0bd829ace28585ea5 /fsck.c
parentGit 1.7.1 (diff)
downloadgit-daae19224a05be9efb9a39c2a2c1c9a60fe906f1.tar.xz
git-daae19224a05be9efb9a39c2a2c1c9a60fe906f1.zip
fsck: check ident lines in commit objects
Check that email addresses do not contain <, >, or newline so they can be quickly scanned without trouble. The copy() function in ident.c already ensures that ordinary git commands will not write email addresses without this property. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'fsck.c')
-rw-r--r--fsck.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/fsck.c b/fsck.c
index 89278c1459..ae9ae1abee 100644
--- a/fsck.c
+++ b/fsck.c
@@ -222,12 +222,47 @@ static int fsck_tree(struct tree *item, int strict, fsck_error error_func)
return retval;
}
+static int fsck_ident(char **ident, struct object *obj, fsck_error error_func)
+{
+ if (**ident == '<' || **ident == '\n')
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before email");
+ *ident += strcspn(*ident, "<\n");
+ if ((*ident)[-1] != ' ')
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before email");
+ if (**ident != '<')
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing email");
+ (*ident)++;
+ *ident += strcspn(*ident, "<>\n");
+ if (**ident != '>')
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad email");
+ (*ident)++;
+ if (**ident != ' ')
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - missing space before date");
+ (*ident)++;
+ if (**ident == '0' && (*ident)[1] != ' ')
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - zero-padded date");
+ *ident += strspn(*ident, "0123456789");
+ if (**ident != ' ')
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad date");
+ (*ident)++;
+ if ((**ident != '+' && **ident != '-') ||
+ !isdigit((*ident)[1]) ||
+ !isdigit((*ident)[2]) ||
+ !isdigit((*ident)[3]) ||
+ !isdigit((*ident)[4]) ||
+ ((*ident)[5] != '\n'))
+ return error_func(obj, FSCK_ERROR, "invalid author/committer line - bad time zone");
+ (*ident) += 6;
+ return 0;
+}
+
static int fsck_commit(struct commit *commit, fsck_error error_func)
{
char *buffer = commit->buffer;
unsigned char tree_sha1[20], sha1[20];
struct commit_graft *graft;
int parents = 0;
+ int err;
if (commit->date == ULONG_MAX)
return error_func(&commit->object, FSCK_ERROR, "invalid author/committer line");
@@ -266,6 +301,18 @@ static int fsck_commit(struct commit *commit, fsck_error error_func)
}
if (memcmp(buffer, "author ", 7))
return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'author' line");
+ buffer += 7;
+ err = fsck_ident(&buffer, &commit->object, error_func);
+ if (err)
+ return err;
+ if (memcmp(buffer, "committer ", strlen("committer ")))
+ return error_func(&commit->object, FSCK_ERROR, "invalid format - expected 'committer' line");
+ buffer += strlen("committer ");
+ err = fsck_ident(&buffer, &commit->object, error_func);
+ if (err)
+ return err;
+ if (*buffer != '\n')
+ return error_func(&commit->object, FSCK_ERROR, "invalid format - expected blank line");
if (!commit->tree)
return error_func(&commit->object, FSCK_ERROR, "could not load commit's tree %s", sha1_to_hex(tree_sha1));