From 79bbc7fb078f8cabe04020c4619be9b571371398 Mon Sep 17 00:00:00 2001 From: Johannes Sixt Date: Mon, 22 Sep 2008 13:03:25 +0200 Subject: [PATCH] git-remote: do not use user input in a printf format string 'git remote show' substituted the remote name into a string that was later used as a printf format string. If a remote name contains a printf format specifier like this: $ git remote add foo%sbar . then the command $ git remote show foo%sbar would print garbage (if you are lucky) or crash. This fixes it. Signed-off-by: Johannes Sixt Signed-off-by: Junio C Hamano --- builtin-remote.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/builtin-remote.c b/builtin-remote.c index 01945a865..4cb763f98 100644 --- a/builtin-remote.c +++ b/builtin-remote.c @@ -407,14 +407,15 @@ static int rm(int argc, const char **argv) return i; } -static void show_list(const char *title, struct string_list *list) +static void show_list(const char *title, struct string_list *list, + const char *extra_arg) { int i; if (!list->nr) return; - printf(title, list->nr > 1 ? "es" : ""); + printf(title, list->nr > 1 ? "es" : "", extra_arg); printf("\n "); for (i = 0; i < list->nr; i++) printf("%s%s", i ? " " : "", list->items[i].string); @@ -477,7 +478,6 @@ static int show(int argc, const char **argv) memset(&states, 0, sizeof(states)); for (; argc; argc--, argv++) { - struct strbuf buf; int i; get_remote_ref_states(*argv, &states, !no_query); @@ -503,18 +503,16 @@ static int show(int argc, const char **argv) } if (!no_query) { - strbuf_init(&buf, 0); - strbuf_addf(&buf, " New remote branch%%s (next fetch " - "will store in remotes/%s)", states.remote->name); - show_list(buf.buf, &states.new); - strbuf_release(&buf); + show_list(" New remote branch%s (next fetch " + "will store in remotes/%s)", + &states.new, states.remote->name); show_list(" Stale tracking branch%s (use 'git remote " - "prune')", &states.stale); + "prune')", &states.stale, ""); } if (no_query) for_each_ref(append_ref_to_tracked_list, &states); - show_list(" Tracked remote branch%s", &states.tracked); + show_list(" Tracked remote branch%s", &states.tracked, ""); if (states.remote->push_refspec_nr) { printf(" Local branch%s pushed with 'git push'\n ", -- 2.26.2