Google Git
Sign in
googlers / jrn / git / 090fd4fe24b9da9d912aa5856f4cd32d157924c6
commit090fd4fe24b9da9d912aa5856f4cd32d157924c6[log] [tgz]
authorJeff King <peff@peff.net>Wed Feb 20 15:01:26 2013 -0500
committerJunio C Hamano <gitster@pobox.com>Wed Feb 20 13:42:21 2013 -0800
tree38bfc3c1f2b987b25fcb302721af7f2393673ebf
parent6379dd052243aa6b1cc5115b72b78aedbeeed008 [diff]
upload-archive: use argv_array to store client arguments

The current parsing scheme for upload-archive is to pack
arguments into a fixed-size buffer, separated by NULs, and
put a pointer to each argument in the buffer into a
fixed-size argv array.

This works fine, and the limits are high enough that nobody
reasonable is going to hit them, but it makes the code hard
to follow.  Instead, let's just stuff the arguments into an
argv_array, which is much simpler. That lifts the "all
arguments must fit inside 4K together" limit.

We could also trivially lift the MAX_ARGS limitation (in
fact, we have to keep extra code to enforce it). But that
would mean a client could force us to allocate an arbitrary
amount of memory simply by sending us "argument" lines. By
limiting the MAX_ARGS, we limit an attacker to about 4
megabytes (64 times a maximum 64K packet buffer). That may
sound like a lot compared to the 4K limit, but it's not a
big deal compared to what git-archive will actually allocate
while working (e.g., to load blobs into memory). The
important thing is that it is bounded.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 file changed
tree: 38bfc3c1f2b987b25fcb302721af7f2393673ebf
  1. block-sha1/
  2. builtin/
  3. compat/
  4. contrib/
  5. Documentation/
  6. git-gui/
  7. git_remote_helpers/
  8. gitk-git/
  9. gitweb/
  10. mergetools/
  11. perl/
  12. po/
  13. ppc/
  14. t/
  15. templates/
  16. vcs-svn/
  17. xdiff/
  18. RelNotesDocumentation/RelNotes/1.8.2.txt
  19. .gitattributes
  20. .gitignore
  21. .mailmap
  22. abspath.c
  23. aclocal.m4
  24. advice.c
  25. advice.h
  26. alias.c
  27. alloc.c
  28. archive-tar.c
  29. archive-zip.c
  30. archive.c
  31. archive.h
  32. argv-array.c
  33. argv-array.h
  34. attr.c
  35. attr.h
  36. base85.c
  37. bisect.c
  38. bisect.h
  39. blob.c
  40. blob.h
  41. branch.c
  42. branch.h
  43. builtin.h
  44. bulk-checkin.c
  45. bulk-checkin.h
  46. bundle.c
  47. bundle.h
  48. cache-tree.c
  49. cache-tree.h
  50. cache.h
  51. check-builtins.sh
  52. check-racy.c
  53. check_bindir
  54. color.c
  55. color.h
  56. column.c
  57. column.h
  58. combine-diff.c
  59. command-list.txt
  60. commit.c
  61. commit.h
  62. config.c
  63. config.mak.in
  64. config.mak.uname
  65. configure.ac
  66. connect.c
  67. connected.c
  68. connected.h
  69. convert.c
  70. convert.h
  71. copy.c
  72. COPYING
  73. credential-cache--daemon.c
  74. credential-cache.c
  75. credential-store.c
  76. credential.c
  77. credential.h
  78. csum-file.c
  79. csum-file.h
  80. ctype.c
  81. daemon.c
  82. date.c
  83. decorate.c
  84. decorate.h
  85. delta.h
  86. diff-delta.c
  87. diff-lib.c
  88. diff-no-index.c
  89. diff.c
  90. diff.h
  91. diffcore-break.c
  92. diffcore-delta.c
  93. diffcore-order.c
  94. diffcore-pickaxe.c
  95. diffcore-rename.c
  96. diffcore.h
  97. dir.c
  98. dir.h
  99. editor.c
  100. entry.c
  101. environment.c
  102. exec_cmd.c
  103. exec_cmd.h
  104. fast-import.c
  105. fetch-pack.c
  106. fetch-pack.h
  107. fixup-builtins
  108. fmt-merge-msg.h
  109. fsck.c
  110. fsck.h
  111. generate-cmdlist.sh
  112. gettext.c
  113. gettext.h
  114. git-add--interactive.perl
  115. git-am.sh
  116. git-archimport.perl
  117. git-bisect.sh
  118. git-compat-util.h
  119. git-cvsexportcommit.perl
  120. git-cvsimport.perl
  121. git-cvsserver.perl
  122. git-difftool--helper.sh
  123. git-difftool.perl
  124. git-filter-branch.sh
  125. git-instaweb.sh
  126. git-lost-found.sh
  127. git-merge-octopus.sh
  128. git-merge-one-file.sh
  129. git-merge-resolve.sh
  130. git-mergetool--lib.sh
  131. git-mergetool.sh
  132. git-p4.py
  133. git-parse-remote.sh
  134. git-pull.sh
  135. git-quiltimport.sh
  136. git-rebase--am.sh
  137. git-rebase--interactive.sh
  138. git-rebase--merge.sh
  139. git-rebase.sh
  140. git-relink.perl
  141. git-remote-testgit
  142. git-remote-testpy.py
  143. git-repack.sh
  144. git-request-pull.sh
  145. git-send-email.perl
  146. git-sh-i18n.sh
  147. git-sh-setup.sh
  148. git-stash.sh
  149. git-submodule.sh
  150. git-svn.perl
  151. GIT-VERSION-GEN
  152. git-web--browse.sh
  153. git.c
  154. git.spec.in
  155. gpg-interface.c
  156. gpg-interface.h
  157. graph.c
  158. graph.h
  159. grep.c
  160. grep.h
  161. hash.c
  162. hash.h
  163. help.c
  164. help.h
  165. hex.c
  166. http-backend.c
  167. http-fetch.c
  168. http-push.c
  169. http-walker.c
  170. http.c
  171. http.h
  172. ident.c
  173. imap-send.c
  174. INSTALL
  175. kwset.c
  176. kwset.h
  177. levenshtein.c
  178. levenshtein.h
  179. LGPL-2.1
  180. list-objects.c
  181. list-objects.h
  182. ll-merge.c
  183. ll-merge.h
  184. lockfile.c
  185. log-tree.c
  186. log-tree.h
  187. mailmap.c
  188. mailmap.h
  189. Makefile
  190. match-trees.c
  191. merge-blobs.c
  192. merge-blobs.h
  193. merge-recursive.c
  194. merge-recursive.h
  195. merge.c
  196. mergesort.c
  197. mergesort.h
  198. name-hash.c
  199. notes-cache.c
  200. notes-cache.h
  201. notes-merge.c
  202. notes-merge.h
  203. notes.c
  204. notes.h
  205. object.c
  206. object.h
  207. pack-check.c
  208. pack-refs.c
  209. pack-refs.h
  210. pack-revindex.c
  211. pack-revindex.h
  212. pack-write.c
  213. pack.h
  214. pager.c
  215. parse-options-cb.c
  216. parse-options.c
  217. parse-options.h
  218. patch-delta.c
  219. patch-ids.c
  220. patch-ids.h
  221. path.c
  222. pathspec.c
  223. pathspec.h
  224. pkt-line.c
  225. pkt-line.h
  226. preload-index.c
  227. pretty.c
  228. progress.c
  229. progress.h
  230. prompt.c
  231. prompt.h
  232. quote.c
  233. quote.h
  234. reachable.c
  235. reachable.h
  236. read-cache.c
  237. README
  238. reflog-walk.c
  239. reflog-walk.h
  240. refs.c
  241. refs.h
  242. remote-curl.c
  243. remote-testsvn.c
  244. remote.c
  245. remote.h
  246. replace_object.c
  247. rerere.c
  248. rerere.h
  249. resolve-undo.c
  250. resolve-undo.h
  251. revision.c
  252. revision.h
  253. run-command.c
  254. run-command.h
  255. send-pack.c
  256. send-pack.h
  257. sequencer.c
  258. sequencer.h
  259. server-info.c
  260. setup.c
  261. sh-i18n--envsubst.c
  262. sha1-array.c
  263. sha1-array.h
  264. sha1-lookup.c
  265. sha1-lookup.h
  266. sha1_file.c
  267. sha1_name.c
  268. shallow.c
  269. shell.c
  270. shortlog.h
  271. show-index.c
  272. sideband.c
  273. sideband.h
  274. sigchain.c
  275. sigchain.h
  276. strbuf.c
  277. strbuf.h
  278. streaming.c
  279. streaming.h
  280. string-list.c
  281. string-list.h
  282. submodule.c
  283. submodule.h
  284. symlinks.c
  285. tag.c
  286. tag.h
  287. tar.h
  288. test-chmtime.c
  289. test-ctype.c
  290. test-date.c
  291. test-delta.c
  292. test-dump-cache-tree.c
  293. test-genrandom.c
  294. test-index-version.c
  295. test-line-buffer.c
  296. test-match-trees.c
  297. test-mergesort.c
  298. test-mktemp.c
  299. test-parse-options.c
  300. test-path-utils.c
  301. test-regex.c
  302. test-revision-walking.c
  303. test-run-command.c
  304. test-scrap-cache-tree.c
  305. test-sha1.c
  306. test-sha1.sh
  307. test-sigchain.c
  308. test-string-list.c
  309. test-subprocess.c
  310. test-svn-fe.c
  311. test-wildmatch.c
  312. thread-utils.c
  313. thread-utils.h
  314. trace.c
  315. transport-helper.c
  316. transport.c
  317. transport.h
  318. tree-diff.c
  319. tree-walk.c
  320. tree-walk.h
  321. tree.c
  322. tree.h
  323. unimplemented.sh
  324. unix-socket.c
  325. unix-socket.h
  326. unpack-trees.c
  327. unpack-trees.h
  328. upload-pack.c
  329. url.c
  330. url.h
  331. usage.c
  332. userdiff.c
  333. userdiff.h
  334. utf8.c
  335. utf8.h
  336. varint.c
  337. varint.h
  338. version.c
  339. version.h
  340. walker.c
  341. walker.h
  342. wildmatch.c
  343. wildmatch.h
  344. wrap-for-bin.sh
  345. wrapper.c
  346. write_or_die.c
  347. ws.c
  348. wt-status.c
  349. wt-status.h
  350. xdiff-interface.c
  351. xdiff-interface.h
  352. zlib.c