Commit 74937431 by Patrick Steinhardt

config_file: properly ignore includes without "path" value

In case a configuration includes a key "include.path=" without any
value, the generated configuration entry will have its value set to
`NULL`. This is unexpected by the logic handling includes, and as soon
as we try to calculate the included path we will unconditionally
dereference that `NULL` pointer and thus segfault.

Fix the issue by returning early in both `parse_include` and
`parse_conditional_include` in case where the `file` argument is `NULL`.
Add a test to avoid future regression.

The issue has been found by the oss-fuzz project, issue 10810.

(cherry picked from commit d06d4220)
parent 232fc469
......@@ -1598,7 +1598,7 @@ static int read_on_variable(
result = 0;
/* Add or append the new config option */
if (!git__strcmp(var->entry->name, "include.path")) {
if (!git__strcmp(var->entry->name, "include.path") && var->entry->value) {
struct reader *r;
git_buf path = GIT_BUF_INIT;
char *dir;
......
......@@ -96,6 +96,21 @@ void test_config_include__depth(void)
cl_git_pass(p_unlink("b"));
}
void test_config_include__empty_path_sanely_handled(void)
{
git_config *cfg;
git_buf buf = GIT_BUF_INIT;
cl_git_mkfile("a", "[include]\npath");
cl_git_pass(git_config_open_ondisk(&cfg, "a"));
cl_git_pass(git_config_get_string_buf(&buf, cfg, "include.path"));
cl_assert_equal_s("", git_buf_cstr(&buf));
git_buf_free(&buf);
git_config_free(cfg);
cl_git_pass(p_unlink("a"));
}
void test_config_include__missing(void)
{
git_config *cfg;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment