diff options
| author | Jeff King <peff@peff.net> | 2024-08-01 04:25:56 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-08-01 08:54:47 -0700 |
| commit | b201316835bbf2c49c2780f23cfd6146f6b8d1a2 (patch) | |
| tree | ee546cc01e8abb53dd3cc910e2def419c06f048f /commit.h | |
| parent | c2b3f2b3cdbf5ad9feb978dd367d77561a1271f7 (diff) | |
credential/osxkeychain: respect NUL terminator in username
This patch fixes a case where git-credential-osxkeychain might output
uninitialized bytes to stdout.
We need to get the username string from a system API using
CFStringGetCString(). To do that, we get the max size for the string
from CFStringGetMaximumSizeForEncoding(), allocate a buffer based on
that, and then read into it. But then we print the entire buffer to
stdout, including the trailing NUL and any extra bytes which were not
needed. Instead, we should stop at the NUL.
This code comes from 9abe31f5f1 (osxkeychain: replace deprecated
SecKeychain API, 2024-02-17). The bug was probably overlooked back then
because this code is only used as a fallback when we can't get the
string via CFStringGetCStringPtr(). According to Apple's documentation:
Whether or not this function returns a valid pointer or NULL depends
on many factors, all of which depend on how the string was created and
its properties.
So it's not clear how we could make a test for this, and we'll have to
rely on manually testing on a system that triggered the bug in the first
place.
Reported-by: Hong Jiang <ilford@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Tested-by: Hong Jiang <ilford@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit.h')
0 files changed, 0 insertions, 0 deletions