- 22 May, 2018 3 commits
  - We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.
    Carlos Martín Nieto committed
  - We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.
    Carlos Martín Nieto committed
  - These will be used by the checkout code to detect them for the particular filesystem they're on.
    Carlos Martín Nieto committed
- 18 May, 2018 5 commits
  - These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.
    Carlos Martín Nieto committed
  - Carlos Martín Nieto committed
  - Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.
    Carlos Martín Nieto committed
  - It checks against the 8.3 shortname variants, including the one which includes the checksum as part of its name.
    Carlos Martín Nieto committed
  - This lets us check for other kinds of reserved files.
    Carlos Martín Nieto committed
- 14 May, 2018 1 commit
  - Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to protect Windows users. Ideally we would check for both separators without the need for the copied string, but this'll get us over the RCE.
    Carlos Martín Nieto committed
- 09 May, 2018 1 commit
  - If we decide that the "name" of the submodule (i.e. its path inside `.git/modules/`) is trying to escape that directory or otherwise trick us, we ignore the configuration for that submodule. This leaves us with a half-configured submodule when looking it up by path, but it's the same result as if the configuration really were missing. The name check is potentially more strict than it needs to be, but it lets us re-use the check we're doing for the checkout. The function that encapsulates this logic is ready to be exported but we don't want to do that in a security release so it remains internal for now.
    Carlos Martín Nieto committed
- 30 Apr, 2018 1 commit
  - We should pretend such submodules do not exist as it can lead to RCE.
    Carlos Martín Nieto committed
- 22 Apr, 2018 3 commits
  - mbedTLS support
    Edward Thomson committed
  - Configuration entry iteration in order
    Edward Thomson committed
  - blame_git: fix coalescing step never being executed
    Edward Thomson committed
- 20 Apr, 2018 9 commits
  - Fix leaks in master
    Patrick Steinhardt committed
  - Leak fixes for v0.27.1
    Patrick Steinhardt committed
  - worktree: Read worktree specific reflog for HEAD
    Patrick Steinhardt committed
  - Valgrind log:
        ==2711== 305 (48 direct, 257 indirect) bytes in 1 blocks are definitely lost in loss record 576 of 624
        ==2711==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
        ==2711==    by 0x5E079E: git__calloc (util.h:99)
        ==2711==    by 0x5E0D21: open_worktree_dir (worktree.c:134)
        ==2711==    by 0x5E0F23: git_worktree_lookup (worktree.c:176)
        ==2711==    by 0x5E1972: git_worktree_add (worktree.c:388)
        ==2711==    by 0x551F23: test_worktree_worktree__add_with_explicit_branch (worktree.c:292)
        ==2711==    by 0x45853E: clar_run_test (clar.c:222)
        ==2711==    by 0x4587E1: clar_run_suite (clar.c:286)
        ==2711==    by 0x458B04: clar_parse_args (clar.c:362)
        ==2711==    by 0x458CAB: clar_test_run (clar.c:428)
        ==2711==    by 0x45665C: main (main.c:24)
    Etienne Samson committed
  - CID:1383993, "In git_refspec__dwim_one: All paths that lead to this null pointer comparison already dereference the pointer earlier (CWE-476)"
    Etienne Samson committed
  - As per CID:1378747, we might be called with a NULL repo, which would be dereferenced in write_add_refspec
    Etienne Samson committed
  - Etienne Samson committed
  - Valgrind log:
        ==17702== 18 bytes in 1 blocks are indirectly lost in loss record 69 of 1,123
        ==17702==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
        ==17702==    by 0x5FDBB49: strdup (strdup.c:42)
        ==17702==    by 0x632B3E: git__strdup (util.h:106)
        ==17702==    by 0x632D2C: git_reference__alloc_symbolic (refs.c:64)
        ==17702==    by 0x62E0AF: loose_lookup (refdb_fs.c:408)
        ==17702==    by 0x62E636: refdb_fs_backend__iterator_next (refdb_fs.c:565)
        ==17702==    by 0x62CD8E: git_refdb_iterator_next (refdb.c:147)
        ==17702==    by 0x6347F2: git_reference_next (refs.c:838)
        ==17702==    by 0x6345CB: git_reference_foreach (refs.c:748)
        ==17702==    by 0x66BE62: local_download_pack (local.c:579)
        ==17702==    by 0x5DB48F: git_fetch_download_pack (fetch.c:148)
        ==17702==    by 0x639028: git_remote_download (remote.c:932)
        ==17702==    by 0x63919A: git_remote_fetch (remote.c:969)
        ==17702==    by 0x4ABEDD: test_fetchhead_nonetwork__fetch_into_repo_with_symrefs (nonetwork.c:362)
        ==17702==    by 0x4125D9: clar_run_test (clar.c:222)
        ==17702==    by 0x41287C: clar_run_suite (clar.c:286)
        ==17702==    by 0x412DDE: clar_test_run (clar.c:433)
        ==17702==    by 0x4105E1: main (main.c:24)
    Etienne Samson committed
  - fixed stack smashing due to wrong size of struct stat on the stack
    Patrick Steinhardt committed
- 19 Apr, 2018 1 commit
  - on 32-bit systems with 64-bit file descriptor offsets enabled (added -D_FILE_OFFSET_BITS=64 when compiling the test suite)
    Andreas Baumann committed
- 17 Apr, 2018 10 commits
  - scripts: add backporting script
    Edward Thomson committed
  - worktree: add ability to create worktree with pre-existing branch
    Edward Thomson committed
  - refs: preserve the owning refdb when duping reference
    Edward Thomson committed
  - Edward Thomson committed
  - Edward Thomson committed
  - The CRLF data generator is somewhat obscure; add information about how to use it and what it does.
    Edward Thomson committed
  - Signed-off-by: Sven Strickroth <email@cs-ware.de>
    Sven Strickroth committed
  - Update with vanilla Git 2.11.0 on Debian
    Signed-off-by: Sven Strickroth <email@cs-ware.de>
    Sven Strickroth committed
  - Update with "git version 2.11.0.windows.3"
    Signed-off-by: Sven Strickroth <email@cs-ware.de>
    Sven Strickroth committed
  - Submodules-API should report .gitmodules parse errors instead of ignoring them
    Edward Thomson committed
- 16 Apr, 2018 5 commits
  - Typedef git_pkt_type and clarify recv_pkt return type
    Edward Thomson committed
  - online::clone: validate user:pass in HTTP_PROXY
    Edward Thomson committed
  - transports: ssh: disconnect session before freeing it
    Edward Thomson committed
  - revwalk: fix uninteresting revs sometimes not limiting graphwalk
    Edward Thomson committed
  - attr_file: fix handling of directory patterns with trailing spaces
    Edward Thomson committed
- 12 Apr, 2018 1 commit
  - When we want to limit our graphwalk, we use the heuristic of checking whether the newest limiting (uninteresting) revision is newer than the oldest interesting revision. We do so by inspecting whether the first item's commit time of the user-supplied list of revisions is newer than the last added interesting revision. This is wrong though, as the user supplied list is in no way guaranteed to be sorted by increasing commit dates. This could lead us to abort the revwalk early before applying all relevant limiting revisions, outputting revisions which should in fact have been hidden. Fix the heuristic by instead checking whether _any_ of the limiting commits was made earlier than the last interesting commit. Add a test.
    Patrick Steinhardt committed