On Wed, 21 Dec 2005, Junio C Hamano wrote:

> Pavel Roskin <proski@gnu.org> writes:
>
> > add_packed_git() tries to get the pack SHA1 by parsing its name. It may
> > access uninitialized memory for packs with short names.
>
> Thanks.
>
> This fixes when there is ".git/objects/packs/junk-X.pack", so in
> that sense it is a real fix and I'll take it.
>
> However, I feel a bit uneasy about this whole thing. The core
> does not care how you name your packs, as long as .pack and .idx
> files have the same prefix, but we started relying on the prefix
> being "pack-" followed by 40 hexadecimal digits since we started
> packed repository support in http-fetch, and we also allowed
> sha1_pack_name() function that shares the assumption to sneak
> into the real core part of the system around the same time (end
> of July 2005).
>
> git-repack and git-verify-pack stay ignorant
> about this prefix convention and I think that is a good
> property. However, we might be better off if we declare that
> the pack files *must* be named following that convention
> (currently nobody enforces it, but as long as the user uses "git
> repack" to create packs, the packs automatically follow that
> convention), and make check_packed_git_idx() reject a packfile
> whose name does not begin with "pack-" or the 40 hexdigits that
> follow do not match the hash of the object names the index
> records. If we go that route, then this patch becomes unneeded;
> more extensive check needs to be done in check_packed_git_idx().
>
> Thoughts?

I'd like to require it to be a hash, just because that makes it prohibitively difficult to make something people will accept as pack-05f611b3b8198b262acdf678584d365f8e879aec.pack other than the one from the git repository. Sure, it would only be a minor DoS and a bit of confusion, because it still couldn't do any worse than contain some different objects, but it would block people from getting the pack with the objects they want.

Since nobody seems interested in naming their packs, so far as I know, it seems best to force the names to be universally unique, modulo an incredible coincidence.

	-Daniel
*This .sig left intentionally blank*

Received on Thu Dec 22 12:58:12 2005
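
The naming check discussed in this thread, as an added example that is not git's code and not part of the original messages: it accepts only "pack-" plus 40 hex digits plus ".pack", checks the length before touching any fixed offset, and compares the parsed value with an expected hash. The names `parse_pack_name` and `pack_name_matches` are hypothetical, accepting lowercase hex only is a choice of this example, and the expected hash is assumed to have been computed by the caller from the object names in the index.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_RAWSZ 20
#define SHA1_HEXSZ 40

/* Value of one lowercase hex digit, or -1 if c is not one. */
static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Hypothetical helper: accept only "[dir/]pack-<40 hex>.pack".
 * The length is verified first, so a short name such as "junk-X.pack"
 * is rejected without reading past its end.
 * Stores the 20 raw bytes in sha1 and returns 0 on success, -1 otherwise. */
int parse_pack_name(const char *path, unsigned char sha1[SHA1_RAWSZ])
{
    const char *base = strrchr(path, '/');
    size_t i;

    base = base ? base + 1 : path;
    if (strlen(base) != 5 + SHA1_HEXSZ + 5)      /* "pack-" + hex + ".pack" */
        return -1;
    if (memcmp(base, "pack-", 5) || strcmp(base + 5 + SHA1_HEXSZ, ".pack"))
        return -1;
    for (i = 0; i < SHA1_RAWSZ; i++) {
        int hi = hexval((unsigned char)base[5 + 2 * i]);
        int lo = hexval((unsigned char)base[6 + 2 * i]);
        if (hi < 0 || lo < 0)
            return -1;
        sha1[i] = (unsigned char)(hi << 4 | lo);
    }
    return 0;
}

/* 1 only if the name parses and equals the hash derived from the index
 * (assumed to be supplied by the caller); 0 otherwise. */
int pack_name_matches(const char *path, const unsigned char expected[SHA1_RAWSZ])
{
    unsigned char named[SHA1_RAWSZ];
    return parse_pack_name(path, named) == 0 &&
           memcmp(named, expected, SHA1_RAWSZ) == 0;
}

int main(void)
{
    unsigned char sha1[SHA1_RAWSZ];
    printf("short name: %d\n", parse_pack_name(".git/objects/packs/junk-X.pack", sha1));
    return 0;
}
```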