Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
git2
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
lvzhengyang
git2
Commits
83283d5c
Commit
83283d5c
authored
Jan 09, 2017
by
Carlos Martín Nieto
Committed by
GitHub
Jan 09, 2017
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #4075 from libgit2/cmn/sec-update-24
Security updates for v0.24
parents
428e18f8
45a2ee3f
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
51 additions
and
21 deletions
+51
-21
include/git2/version.h
+2
-2
src/transports/http.c
+1
-2
src/transports/smart_pkt.c
+13
-5
src/transports/smart_protocol.c
+0
-11
tests/online/badssl.c
+35
-1
No files found.
include/git2/version.h
View file @
83283d5c
...
@@ -7,10 +7,10 @@
...
@@ -7,10 +7,10 @@
#ifndef INCLUDE_git_version_h__
#ifndef INCLUDE_git_version_h__
#define INCLUDE_git_version_h__
#define INCLUDE_git_version_h__
#define LIBGIT2_VERSION "0.24.
5
"
#define LIBGIT2_VERSION "0.24.
6
"
#define LIBGIT2_VER_MAJOR 0
#define LIBGIT2_VER_MAJOR 0
#define LIBGIT2_VER_MINOR 24
#define LIBGIT2_VER_MINOR 24
#define LIBGIT2_VER_REVISION
5
#define LIBGIT2_VER_REVISION
6
#define LIBGIT2_VER_PATCH 0
#define LIBGIT2_VER_PATCH 0
#define LIBGIT2_SOVERSION 24
#define LIBGIT2_SOVERSION 24
...
...
src/transports/http.c
View file @
83283d5c
...
@@ -602,13 +602,12 @@ static int http_connect(http_subtransport *t)
...
@@ -602,13 +602,12 @@ static int http_connect(http_subtransport *t)
if
((
!
error
||
error
==
GIT_ECERTIFICATE
)
&&
t
->
owner
->
certificate_check_cb
!=
NULL
&&
if
((
!
error
||
error
==
GIT_ECERTIFICATE
)
&&
t
->
owner
->
certificate_check_cb
!=
NULL
&&
git_stream_is_encrypted
(
t
->
io
))
{
git_stream_is_encrypted
(
t
->
io
))
{
git_cert
*
cert
;
git_cert
*
cert
;
int
is_valid
;
int
is_valid
=
(
error
==
GIT_OK
)
;
if
((
error
=
git_stream_certificate
(
&
cert
,
t
->
io
))
<
0
)
if
((
error
=
git_stream_certificate
(
&
cert
,
t
->
io
))
<
0
)
return
error
;
return
error
;
giterr_clear
();
giterr_clear
();
is_valid
=
error
!=
GIT_ECERTIFICATE
;
error
=
t
->
owner
->
certificate_check_cb
(
cert
,
is_valid
,
t
->
connection_data
.
host
,
t
->
owner
->
message_cb_payload
);
error
=
t
->
owner
->
certificate_check_cb
(
cert
,
is_valid
,
t
->
connection_data
.
host
,
t
->
owner
->
message_cb_payload
);
if
(
error
<
0
)
{
if
(
error
<
0
)
{
...
...
src/transports/smart_pkt.c
View file @
83283d5c
...
@@ -427,15 +427,23 @@ int git_pkt_parse_line(
...
@@ -427,15 +427,23 @@ int git_pkt_parse_line(
if
(
bufflen
>
0
&&
bufflen
<
(
size_t
)
len
)
if
(
bufflen
>
0
&&
bufflen
<
(
size_t
)
len
)
return
GIT_EBUFS
;
return
GIT_EBUFS
;
/*
* The length has to be exactly 0 in case of a flush
* packet or greater than PKT_LEN_SIZE, as the decoded
* length includes its own encoded length of four bytes.
*/
if
(
len
!=
0
&&
len
<
PKT_LEN_SIZE
)
return
GIT_ERROR
;
line
+=
PKT_LEN_SIZE
;
line
+=
PKT_LEN_SIZE
;
/*
/*
* TODO: How do we deal with empty lines? Try again? with the next
* The Git protocol does not specify empty lines as part
* line?
* of the protocol. Not knowing what to do with an empty
* line, we should return an error upon hitting one.
*/
*/
if
(
len
==
PKT_LEN_SIZE
)
{
if
(
len
==
PKT_LEN_SIZE
)
{
*
head
=
NULL
;
giterr_set_str
(
GITERR_NET
,
"Invalid empty packet"
);
*
out
=
line
;
return
GIT_ERROR
;
return
0
;
}
}
if
(
len
==
0
)
{
/* Flush pkt */
if
(
len
==
0
)
{
/* Flush pkt */
...
...
src/transports/smart_protocol.c
View file @
83283d5c
...
@@ -759,14 +759,6 @@ static int add_push_report_sideband_pkt(git_push *push, git_pkt_data *data_pkt,
...
@@ -759,14 +759,6 @@ static int add_push_report_sideband_pkt(git_push *push, git_pkt_data *data_pkt,
line_len
-=
(
line_end
-
line
);
line_len
-=
(
line_end
-
line
);
line
=
line_end
;
line
=
line_end
;
/* When a valid packet with no content has been
* read, git_pkt_parse_line does not report an
* error, but the pkt pointer has not been set.
* Handle this by skipping over empty packets.
*/
if
(
pkt
==
NULL
)
continue
;
error
=
add_push_report_pkt
(
push
,
pkt
);
error
=
add_push_report_pkt
(
push
,
pkt
);
git_pkt_free
(
pkt
);
git_pkt_free
(
pkt
);
...
@@ -821,9 +813,6 @@ static int parse_report(transport_smart *transport, git_push *push)
...
@@ -821,9 +813,6 @@ static int parse_report(transport_smart *transport, git_push *push)
error
=
0
;
error
=
0
;
if
(
pkt
==
NULL
)
continue
;
switch
(
pkt
->
type
)
{
switch
(
pkt
->
type
)
{
case
GIT_PKT_DATA
:
case
GIT_PKT_DATA
:
/* This is a sideband packet which contains other packets */
/* This is a sideband packet which contains other packets */
...
...
tests/online/badssl.c
View file @
83283d5c
...
@@ -10,37 +10,71 @@ static bool g_has_ssl = true;
...
@@ -10,37 +10,71 @@ static bool g_has_ssl = true;
static
bool
g_has_ssl
=
false
;
static
bool
g_has_ssl
=
false
;
#endif
#endif
static
int
cert_check_assert_invalid
(
git_cert
*
cert
,
int
valid
,
const
char
*
host
,
void
*
payload
)
{
GIT_UNUSED
(
cert
);
GIT_UNUSED
(
host
);
GIT_UNUSED
(
payload
);
cl_assert_equal_i
(
0
,
valid
);
return
GIT_ECERTIFICATE
;
}
void
test_online_badssl__expired
(
void
)
void
test_online_badssl__expired
(
void
)
{
{
git_clone_options
opts
=
GIT_CLONE_OPTIONS_INIT
;
opts
.
fetch_opts
.
callbacks
.
certificate_check
=
cert_check_assert_invalid
;
if
(
!
g_has_ssl
)
if
(
!
g_has_ssl
)
cl_skip
();
cl_skip
();
cl_git_fail_with
(
GIT_ECERTIFICATE
,
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://expired.badssl.com/fake.git"
,
"./fake"
,
NULL
));
git_clone
(
&
g_repo
,
"https://expired.badssl.com/fake.git"
,
"./fake"
,
NULL
));
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://expired.badssl.com/fake.git"
,
"./fake"
,
&
opts
));
}
}
void
test_online_badssl__wrong_host
(
void
)
void
test_online_badssl__wrong_host
(
void
)
{
{
git_clone_options
opts
=
GIT_CLONE_OPTIONS_INIT
;
opts
.
fetch_opts
.
callbacks
.
certificate_check
=
cert_check_assert_invalid
;
if
(
!
g_has_ssl
)
if
(
!
g_has_ssl
)
cl_skip
();
cl_skip
();
cl_git_fail_with
(
GIT_ECERTIFICATE
,
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://wrong.host.badssl.com/fake.git"
,
"./fake"
,
NULL
));
git_clone
(
&
g_repo
,
"https://wrong.host.badssl.com/fake.git"
,
"./fake"
,
NULL
));
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://wrong.host.badssl.com/fake.git"
,
"./fake"
,
&
opts
));
}
}
void
test_online_badssl__self_signed
(
void
)
void
test_online_badssl__self_signed
(
void
)
{
{
git_clone_options
opts
=
GIT_CLONE_OPTIONS_INIT
;
opts
.
fetch_opts
.
callbacks
.
certificate_check
=
cert_check_assert_invalid
;
if
(
!
g_has_ssl
)
if
(
!
g_has_ssl
)
cl_skip
();
cl_skip
();
cl_git_fail_with
(
GIT_ECERTIFICATE
,
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://self-signed.badssl.com/fake.git"
,
"./fake"
,
NULL
));
git_clone
(
&
g_repo
,
"https://self-signed.badssl.com/fake.git"
,
"./fake"
,
NULL
));
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://self-signed.badssl.com/fake.git"
,
"./fake"
,
&
opts
));
}
}
void
test_online_badssl__old_cipher
(
void
)
void
test_online_badssl__old_cipher
(
void
)
{
{
git_clone_options
opts
=
GIT_CLONE_OPTIONS_INIT
;
opts
.
fetch_opts
.
callbacks
.
certificate_check
=
cert_check_assert_invalid
;
/* FIXME: we don't actually reject RC4 anywhere, figure out what to tweak */
cl_skip
();
if
(
!
g_has_ssl
)
if
(
!
g_has_ssl
)
cl_skip
();
cl_skip
();
cl_git_fail
(
git_clone
(
&
g_repo
,
"https://rc4.badssl.com/fake.git"
,
"./fake"
,
NULL
));
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://rc4.badssl.com/fake.git"
,
"./fake"
,
NULL
));
cl_git_fail_with
(
GIT_ECERTIFICATE
,
git_clone
(
&
g_repo
,
"https://rc4.badssl.com/fake.git"
,
"./fake"
,
&
opts
));
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment