On Mon, Oct 21, 2013 at 03:14:39PM -0400, Jeff King wrote: > On Mon, Oct 21, 2013 at 09:07:26PM +0200, Erik Faye-Lund wrote: > > > I would argue that this is probably even a bug on Linux, only harder > > (if not impossible) to trigger by accident as there's probably no > > git-client that will generate such trees. But a "malicious" client > > might. > > I've just been poking through the impacts of these overflows, for that > exact reason. I don't think any of them are easily triggerable by > somebody sending you a malicious tree (e.g., the `remove_subtree` one > only triggers when we have seen that tree in the filesystem, so it must > be limited to `PATH_MAX`). Some of them are triggerable if you use > particular options (e.g., the one in `match_order` is easy to trigger if > you use `diff -O`).
Actually, I take that back. The one in checkout_entry is quite easy to trigger if the victim checks out your tree. The rest are much harder, though. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
