author | Jeff King <peff@peff.net> | Thu, 8 Dec 2011 10:25:54 +0000 (05:25 -0500)
committer | Junio C Hamano <gitster@pobox.com> | Wed, 14 Dec 2011 05:09:06 +0000 (21:09 -0800)
commit | c3ea051544cb1d98a5ae7f64d077084a9a5db5c1
tree | 949d8dc8bed5d4647af0f41ac37b462f4c1163e5
parent | c2857fb8b7903b2bba9217310971e5282549174d
blame: don't overflow time buffer
When showing the raw timestamp, we format the numeric
seconds-since-epoch into a buffer, followed by the timezone
string. This string has come straight from the commit
object. A well-formed object should have a timezone string
of only a few bytes, but we could be operating on data
pushed by a malicious user.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin/blame.c
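
The bounded formatting the commit message calls for, sketched as an added example; it is not git's code and not part of this commit. The names `format_raw_time` and `tz_is_wellformed`, the 50-byte buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical helpers for illustration; not git's builtin/blame.c code. */

/* A well-formed timezone is a sign followed by exactly four digits. */
int tz_is_wellformed(const char *tz)
{
	if (tz[0] != '+' && tz[0] != '-')
		return 0;
	for (int i = 1; i <= 4; i++)
		if (!isdigit((unsigned char)tz[i]))
			return 0;	/* also stops at an early NUL */
	return tz[5] == '\0';
}

/* Write "<seconds> <tz>" into out; 0 on success, -1 if it would not fit. */
int format_raw_time(char *out, size_t outlen, unsigned long when, const char *tz)
{
	/* snprintf never writes past outlen and reports the length it needed */
	int n = snprintf(out, outlen, "%lu %s", when, tz);

	if (n < 0 || (size_t)n >= outlen) {
		if (outlen)
			out[0] = '\0';	/* do not hand back a truncated string */
		return -1;
	}
	return 0;
}

int main(void)
{
	char buf[50];		/* assumed size of the fixed time buffer */
	char oversized[201];	/* constructed timezone field, 200 bytes long */

	memset(oversized, 'A', sizeof(oversized) - 1);
	oversized[sizeof(oversized) - 1] = '\0';

	const char *samples[] = { "-0500", oversized };	/* constructed inputs */
	for (int i = 0; i < 2; i++) {
		int rc = format_raw_time(buf, sizeof(buf), 1323339954UL, samples[i]);
		printf("wellformed=%d fits=%d out=\"%s\"\n",
		       tz_is_wellformed(samples[i]), rc == 0, buf);
	}
	return 0;
}
```

An unbounded `sprintf` with the same format string would write all 200 bytes of the second sample past the end of `buf`.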