2011-10-12 14:33:54 +00:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
test_description='git am with corrupt input'
|
|
|
|
|
. ./test-lib.sh
|
|
|
|
|
|
mailinfo.c: avoid strlen on strings that can contains NUL
We're passing buffer from strbuf to reencode_string,
which will call strlen(3) on that buffer,
and discard the length of newly created buffer.
Then, we compute the length of the return buffer to attach to strbuf.
During this process, we introduce a discrimination between mail
originally written in utf-8 and other encoding.
* if the email was written in utf-8, we leave it as is. If there is
a NUL character in that line, we complains loudly:
error: a NUL byte in commit log message not allowed.
* if the email was written in other encoding, we truncate the data as
the NUL character in that line, then we used the truncated line for
the metadata.
We can do better by reusing all the available information,
and call the underlying lower level function that will be called
indirectly by reencode_string. By doing this, we will also postpone
the NUL character processing to the commit step, which will
complains about the faulty metadata.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-04-20 23:54:35 +00:00
|
|
|
make_mbox_with_nul () {
|
|
|
|
|
space=' '
|
|
|
|
|
q_nul_in_subject=
|
|
|
|
|
q_nul_in_body=
|
|
|
|
|
while test $# -ne 0
|
|
|
|
|
do
|
|
|
|
|
case "$1" in
|
|
|
|
|
subject) q_nul_in_subject='=00' ;;
|
|
|
|
|
body) q_nul_in_body='=00' ;;
|
|
|
|
|
esac &&
|
|
|
|
|
shift
|
|
|
|
|
done &&
|
|
|
|
|
cat <<-EOF
|
|
|
|
|
From ec7364544f690c560304f5a5de9428ea3b978b26 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: A U Thor <author@example.com>
|
|
|
|
|
Date: Sun, 19 Apr 2020 13:42:07 +0700
|
|
|
|
|
Subject: [PATCH] =?ISO-8859-1?q?=C4=CB${q_nul_in_subject}=D1=CF=D6?=
|
|
|
|
|
MIME-Version: 1.0
|
|
|
|
|
Content-Type: text/plain; charset=ISO-8859-1
|
|
|
|
|
Content-Transfer-Encoding: quoted-printable
|
|
|
|
|
|
|
|
|
|
abc${q_nul_in_body}def
|
|
|
|
|
---
|
|
|
|
|
diff --git a/afile b/afile
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000000..e69de29bb2
|
|
|
|
|
--$space
|
|
|
|
|
2.26.1
|
|
|
|
|
EOF
|
|
|
|
|
}
|
|
|
|
|
|
2011-10-12 14:33:54 +00:00
|
|
|
test_expect_success setup '
|
2013-10-16 12:27:16 +00:00
|
|
|
# Note the missing "+++" line:
|
|
|
|
|
cat >bad-patch.diff <<-\EOF &&
|
|
|
|
|
From: A U Thor <au.thor@example.com>
|
|
|
|
|
diff --git a/f b/f
|
|
|
|
|
index 7898192..6178079 100644
|
|
|
|
|
--- a/f
|
|
|
|
|
@@ -1 +1 @@
|
|
|
|
|
-a
|
|
|
|
|
+b
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
echo a >f &&
|
2011-10-12 14:33:54 +00:00
|
|
|
git add f &&
|
|
|
|
|
test_tick &&
|
|
|
|
|
git commit -m initial
|
|
|
|
|
'
|
|
|
|
|
|
|
|
|
|
# This used to fail before, too, but with a different diagnostic.
|
|
|
|
|
# fatal: unable to write file '(null)' mode 100644: Bad address
|
|
|
|
|
# Also, it had the unwanted side-effect of deleting f.
|
|
|
|
|
test_expect_success 'try to apply corrupted patch' '
|
2020-04-20 23:54:34 +00:00
|
|
|
test_when_finished "git am --abort" &&
|
|
|
|
|
test_must_fail git -c advice.amWorkDir=false am bad-patch.diff 2>actual &&
|
2016-08-08 21:03:02 +00:00
|
|
|
echo "error: git diff header lacks filename information (line 4)" >expected &&
|
2013-10-16 12:27:16 +00:00
|
|
|
test_path_is_file f &&
|
2021-02-11 01:53:53 +00:00
|
|
|
test_cmp expected actual
|
2011-10-12 14:33:54 +00:00
|
|
|
'
|
|
|
|
|
|
mailinfo.c: avoid strlen on strings that can contains NUL
We're passing buffer from strbuf to reencode_string,
which will call strlen(3) on that buffer,
and discard the length of newly created buffer.
Then, we compute the length of the return buffer to attach to strbuf.
During this process, we introduce a discrimination between mail
originally written in utf-8 and other encoding.
* if the email was written in utf-8, we leave it as is. If there is
a NUL character in that line, we complains loudly:
error: a NUL byte in commit log message not allowed.
* if the email was written in other encoding, we truncate the data as
the NUL character in that line, then we used the truncated line for
the metadata.
We can do better by reusing all the available information,
and call the underlying lower level function that will be called
indirectly by reencode_string. By doing this, we will also postpone
the NUL character processing to the commit step, which will
complains about the faulty metadata.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-04-20 23:54:35 +00:00
|
|
|
test_expect_success "NUL in commit message's body" '
|
|
|
|
|
test_when_finished "git am --abort" &&
|
|
|
|
|
make_mbox_with_nul body >body.patch &&
|
|
|
|
|
test_must_fail git am body.patch 2>err &&
|
|
|
|
|
grep "a NUL byte in commit log message not allowed" err
|
|
|
|
|
'
|
|
|
|
|
|
2020-04-20 23:54:36 +00:00
|
|
|
test_expect_success "NUL in commit message's header" "
|
mailinfo.c: avoid strlen on strings that can contains NUL
We're passing buffer from strbuf to reencode_string,
which will call strlen(3) on that buffer,
and discard the length of newly created buffer.
Then, we compute the length of the return buffer to attach to strbuf.
During this process, we introduce a discrimination between mail
originally written in utf-8 and other encoding.
* if the email was written in utf-8, we leave it as is. If there is
a NUL character in that line, we complains loudly:
error: a NUL byte in commit log message not allowed.
* if the email was written in other encoding, we truncate the data as
the NUL character in that line, then we used the truncated line for
the metadata.
We can do better by reusing all the available information,
and call the underlying lower level function that will be called
indirectly by reencode_string. By doing this, we will also postpone
the NUL character processing to the commit step, which will
complains about the faulty metadata.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-04-20 23:54:35 +00:00
|
|
|
test_when_finished 'git am --abort' &&
|
|
|
|
|
make_mbox_with_nul subject >subject.patch &&
|
2020-04-20 23:54:36 +00:00
|
|
|
test_must_fail git mailinfo msg patch <subject.patch 2>err &&
|
|
|
|
|
grep \"a NUL byte in 'Subject' is not allowed\" err &&
|
|
|
|
|
test_must_fail git am subject.patch 2>err &&
|
|
|
|
|
grep \"a NUL byte in 'Subject' is not allowed\" err
|
mailinfo.c: avoid strlen on strings that can contains NUL
We're passing buffer from strbuf to reencode_string,
which will call strlen(3) on that buffer,
and discard the length of newly created buffer.
Then, we compute the length of the return buffer to attach to strbuf.
During this process, we introduce a discrimination between mail
originally written in utf-8 and other encoding.
* if the email was written in utf-8, we leave it as is. If there is
a NUL character in that line, we complains loudly:
error: a NUL byte in commit log message not allowed.
* if the email was written in other encoding, we truncate the data as
the NUL character in that line, then we used the truncated line for
the metadata.
We can do better by reusing all the available information,
and call the underlying lower level function that will be called
indirectly by reencode_string. By doing this, we will also postpone
the NUL character processing to the commit step, which will
complains about the faulty metadata.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-04-20 23:54:35 +00:00
|
|
|
"
|
|
|
|
|
|
2011-10-12 14:33:54 +00:00
|
|
|
test_done
|