1
0
Fork 0
mirror of https://github.com/git/git.git synced 2024-10-30 22:07:53 +01:00
git/compat
Jeff King db85a8a9c2 compat/inet_ntop: fix off-by-one in inet_ntop4
Our compat inet_ntop4 function writes to a temporary buffer
with snprintf, and then uses strcpy to put the result into
the final "dst" buffer. We check the return value of
snprintf against the size of "dst", but fail to account for
the NUL terminator. As a result, we may overflow "dst" with
a single NUL. In practice, this doesn't happen because the
output of inet_ntop is limited, and we provide buffers that
are way oversized.

We can fix the off-by-one check easily, but while we are
here let's also use strlcpy for increased safety, just in
case there are other bugs lurking.

As a side note, this compat code seems to be BSD-derived.
Searching for "vixie inet_ntop" turns up NetBSD's latest
version of the same code, which has an identical fix (and
switches to strlcpy, too!).

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-09-25 10:18:18 -07:00
..
nedmalloc Windows: do not redefine _WIN32_WINNT 2013-09-11 14:50:19 -07:00
poll poll: honor the timeout on Win32 2015-09-14 12:53:48 -07:00
regex C: have space around && and || operators 2013-10-16 10:26:39 -07:00
vcbuild Merge branch 'ks/tree-diff-nway' 2014-06-03 12:06:40 -07:00
win32 Win32: Unicode file name support (dirent) 2014-07-15 11:19:09 -07:00
apple-common-crypto.h imap-send: use Apple's Security framework for base64 encoding 2013-07-30 08:53:24 -07:00
basename.c
bswap.h compat/bswap.h: detect endianness from XL C compiler macros 2014-10-27 11:51:12 -07:00
fopen.c
gmtime.c date: recognize bogus FreeBSD gmtime output 2014-04-01 14:39:04 -07:00
hstrerror.c
inet_ntop.c compat/inet_ntop: fix off-by-one in inet_ntop4 2015-09-25 10:18:18 -07:00
inet_pton.c Drop system includes from inet_pton/inet_ntop compatibility wrappers 2012-02-05 16:32:33 -08:00
memmem.c
mingw.c Mingw: verify both ends of the pipe () call 2015-08-28 11:11:50 -07:00
mingw.h Merge branch 'nd/untracked-cache' 2015-05-26 13:24:46 -07:00
mkdir.c compat: some mkdir() do not like a slash at the end 2012-08-24 09:48:51 -07:00
mkdtemp.c
mmap.c wrapper.c: add xpread() similar to xread() 2014-04-10 12:18:55 -07:00
msvc.c win32: use our own dirent.h 2010-11-23 16:06:50 -08:00
msvc.h MSVC: fix stat definition hell 2013-09-11 11:08:52 -07:00
obstack.c obstack.c: Fix some sparse warnings 2011-09-11 14:43:33 -07:00
obstack.h obstack: fix spelling of similar 2013-04-12 12:23:20 -07:00
pread.c
precompose_utf8.c Set core.precomposeunicode to true on e.g. HFS+ 2013-08-27 07:41:32 -07:00
precompose_utf8.h git on Mac OS and precomposed unicode 2012-07-08 22:03:46 -07:00
qsort.c cleanup: use internal memory allocation wrapper functions everywhere 2011-10-06 13:54:32 -07:00
setenv.c compat/setenv.c: error if name contains '=' 2011-12-14 19:31:03 -08:00
snprintf.c compat/snprintf: don't look at va_list twice 2011-12-12 09:09:35 -08:00
stat.c compat: convert modes to use portable file type values 2014-12-04 11:58:36 -08:00
strcasestr.c
strlcpy.c
strtoimax.c Add strtoimax() compatibility function. 2011-11-02 13:06:30 -07:00
strtoumax.c
terminal.c mingw: rename WIN32 cpp macro to GIT_WINDOWS_NATIVE 2013-05-08 12:14:35 -07:00
terminal.h add generic terminal prompt function 2011-12-12 16:09:38 -08:00
unsetenv.c Revert "compat/unsetenv.c: Fix a sparse warning" 2013-07-21 15:09:56 -07:00
win32.h mingw: rename WIN32 cpp macro to GIT_WINDOWS_NATIVE 2013-05-08 12:14:35 -07:00
win32mmap.c compat/win32mmap.c: Fix some sparse warnings 2013-04-28 12:27:08 -07:00
winansi.c Win32: reliably detect console pipe handles 2014-06-16 10:56:19 -07:00