From: Jeff King Date: Thu, 1 Aug 2024 08:25:56 +0000 (-0400) Subject: credential/osxkeychain: respect NUL terminator in username X-Git-Tag: v2.46.1~31^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b201316835bbf2c49c2780f23cfd6146f6b8d1a2;p=thirdparty%2Fgit.git credential/osxkeychain: respect NUL terminator in username This patch fixes a case where git-credential-osxkeychain might output uninitialized bytes to stdout. We need to get the username string from a system API using CFStringGetCString(). To do that, we get the max size for the string from CFStringGetMaximumSizeForEncoding(), allocate a buffer based on that, and then read into it. But then we print the entire buffer to stdout, including the trailing NUL and any extra bytes which were not needed. Instead, we should stop at the NUL. This code comes from 9abe31f5f1 (osxkeychain: replace deprecated SecKeychain API, 2024-02-17). The bug was probably overlooked back then because this code is only used as a fallback when we can't get the string via CFStringGetCStringPtr(). According to Apple's documentation: Whether or not this function returns a valid pointer or NULL depends on many factors, all of which depend on how the string was created and its properties. So it's not clear how we could make a test for this, and we'll have to rely on manually testing on a system that triggered the bug in the first place. Reported-by: Hong Jiang Signed-off-by: Jeff King Tested-by: Hong Jiang Signed-off-by: Junio C Hamano --- diff --git a/contrib/credential/osxkeychain/git-credential-osxkeychain.c b/contrib/credential/osxkeychain/git-credential-osxkeychain.c index 6a40917b1e..b5346005a4 100644 --- a/contrib/credential/osxkeychain/git-credential-osxkeychain.c +++ b/contrib/credential/osxkeychain/git-credential-osxkeychain.c @@ -140,7 +140,7 @@ static void find_username_in_item(CFDictionaryRef item) username_buf, buffer_len, ENCODING)) { - write_item("username", username_buf, buffer_len - 1); + write_item("username", username_buf, strlen(username_buf)); } free(username_buf); }