Commit 6a5136e5 by nulltoken

revparse: only allow decimal reflog ordinal specs

passing 0 to git_strol(32|64) let the implementation guess if it's
dealing with an octal number or a decimal one.

Let's make it safe and ensure that both 'HEAD@{010}' and 'HEAD@{10}'
point at the same commit.
parent 29f72aa6
...@@ -167,7 +167,7 @@ static int walk_ref_history(git_object **out, git_repository *repo, const char * ...@@ -167,7 +167,7 @@ static int walk_ref_history(git_object **out, git_repository *repo, const char *
if (refspeclen > 0) if (refspeclen > 0)
return revspec_error(reflogspec); return revspec_error(reflogspec);
if (git__strtol32(&n, reflogspec+3, NULL, 0) < 0 || n < 1) if (git__strtol32(&n, reflogspec+3, NULL, 10) < 0 || n < 1)
return revspec_error(reflogspec); return revspec_error(reflogspec);
if (!git_reference_lookup(&ref, repo, "HEAD")) { if (!git_reference_lookup(&ref, repo, "HEAD")) {
...@@ -233,7 +233,7 @@ static int walk_ref_history(git_object **out, git_repository *repo, const char * ...@@ -233,7 +233,7 @@ static int walk_ref_history(git_object **out, git_repository *repo, const char *
/* @{N} -> Nth prior value for the ref (from reflog) */ /* @{N} -> Nth prior value for the ref (from reflog) */
else if (all_chars_are_digits(reflogspec+2, reflogspeclen-3) && else if (all_chars_are_digits(reflogspec+2, reflogspeclen-3) &&
!git__strtol32(&n, reflogspec+2, NULL, 0) && !git__strtol32(&n, reflogspec+2, NULL, 10) &&
n <= 100000000) { /* Allow integer time */ n <= 100000000) { /* Allow integer time */
normalize_maybe_empty_refname(&buf, repo, refspec, refspeclen); normalize_maybe_empty_refname(&buf, repo, refspec, refspeclen);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment