From 50d0158fbba5c4cd04184bb757bf43a84c290405 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sat, 10 Dec 2011 05:40:45 -0500 Subject: imap-send: avoid buffer overflow We format the password prompt in an 80-character static buffer. It contains the remote host and username, so it's unlikely to overflow (or be exploitable by a remote attacker), but there's no reason not to be careful and use a strbuf. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- imap-send.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'imap-send.c') diff --git a/imap-send.c b/imap-send.c index e1ad1a48ce..4c1e897113 100644 --- a/imap-send.c +++ b/imap-send.c @@ -1209,9 +1209,10 @@ static struct store *imap_open_store(struct imap_server_conf *srvc) goto bail; } if (!srvc->pass) { - char prompt[80]; - sprintf(prompt, "Password (%s@%s): ", srvc->user, srvc->host); - arg = git_getpass(prompt); + struct strbuf prompt = STRBUF_INIT; + strbuf_addf(&prompt, "Password (%s@%s): ", srvc->user, srvc->host); + arg = git_getpass(prompt.buf); + strbuf_release(&prompt); if (!arg) { perror("getpass"); exit(1); -- cgit v1.2.3 From 6c597aeba1e0fc369e64b1033515b0e39544cbe1 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sat, 10 Dec 2011 05:40:49 -0500 Subject: imap-send: don't check return value of git_getpass git_getpass will always die() if we weren't able to get input, so there's no point looking for NULL. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- imap-send.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'imap-send.c') diff --git a/imap-send.c b/imap-send.c index 4c1e897113..227253ea19 100644 --- a/imap-send.c +++ b/imap-send.c @@ -1213,10 +1213,6 @@ static struct store *imap_open_store(struct imap_server_conf *srvc) strbuf_addf(&prompt, "Password (%s@%s): ", srvc->user, srvc->host); arg = git_getpass(prompt.buf); strbuf_release(&prompt); - if (!arg) { - perror("getpass"); - exit(1); - } if (!*arg) { fprintf(stderr, "Skipping account %s@%s, no password\n", srvc->user, srvc->host); goto bail; -- cgit v1.2.3 From d3c58b83aee2007ca76dc5d1242c09b6f7989c76 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sat, 10 Dec 2011 05:40:54 -0500 Subject: move git_getpass to its own source file This is currently in connect.c, but really has nothing to do with the git protocol itself. Let's make a new source file all about prompting the user, which will make it cleaner to refactor. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- imap-send.c | 1 + 1 file changed, 1 insertion(+) (limited to 'imap-send.c') diff --git a/imap-send.c b/imap-send.c index 227253ea19..43588e8876 100644 --- a/imap-send.c +++ b/imap-send.c @@ -25,6 +25,7 @@ #include "cache.h" #include "exec_cmd.h" #include "run-command.h" +#include "prompt.h" #ifdef NO_OPENSSL typedef void *SSL; #else -- cgit v1.2.3