- 27 Nov, 2020 1 commit
Edward Thomson committed
- 31 Jan, 2019 1 commit
Similar to the write(3) function, implementations of `git_stream_write` do not guarantee that all bytes are written. Instead, they return the number of bytes that actually have been written, which may be smaller than the total number of bytes. Furthermore, due to an interface design issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as otherwise we cannot represent the number of bytes written to the caller.

Unfortunately, no caller of `git_stream_write` ever checks the return value, except to verify that no error occurred. Due to this, they are susceptible to the case where only partial data has been written.

Fix this by introducing a new function `git_stream__write_full`. In contrast to `git_stream_write`, it will always return either success or failure, without returning the number of bytes written. Thus, it is able to write all `SIZE_MAX` bytes and loop around `git_stream_write` until all data has been written. Adjust all callers except the BIO callbacks in our mbedtls and OpenSSL streams, which already do the right thing and require the amount of bytes written.
Patrick Steinhardt committed
- 25 Jan, 2019 1 commit
Our streams implementation takes a `size_t` that indicates the length of the data buffer to be written, and returns an `ssize_t` that indicates the length that _was_ written. Clearly no such implementation can write more than `SSIZE_MAX` bytes. Ensure that each TLS stream implementation does not try to write more than `SSIZE_MAX` bytes (or smaller; if the given implementation takes a smaller size).
Edward Thomson committed
- 22 Jan, 2019 1 commit
Move to the `git_error` name in the internal API for error-related functions.
Edward Thomson committed
- 28 Nov, 2018 2 commits
We previously used cURL to support HTTP proxies. Now that we've added this support natively, we can remove the curl dependency.
Edward Thomson committed
Introduce `git_tls_stream_wrap` which will take an existing `stream` with an already connected socket and begin speaking TLS on top of it. This is useful if you've built a connection to a proxy server and you wish to begin CONNECT over it to tunnel a TLS connection. Also update the pluggable TLS stream layer so that it can accept a registration structure that provides an `init` and `wrap` function, instead of a single initialization function.
Edward Thomson committed
- 25 Sep, 2018 1 commit
"warning: values of type 'OSStatus' should not be used as format arguments; add an explicit cast to 'int' instead [-Wformat]"
Etienne Samson committed
- 14 Dec, 2017 1 commit
Fixes #4440
Etienne Samson committed
- 23 Oct, 2017 1 commit
Etienne Samson committed
- 03 Jul, 2017 1 commit
Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first.

This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves.

This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
Patrick Steinhardt committed
- 09 Aug, 2016 1 commit
When failing to initialize a new stransport stream, we try to release already allocated memory by calling out to `git_stream_free`, which in turn called out to the stream's `free` function pointer. As we only initialize the function pointer later on, this leads to a `NULL` pointer exception. Furthermore, plug another memory leak when failing to create the SSL context.
Patrick Steinhardt committed
- 08 Aug, 2016 1 commit
Patrick Steinhardt committed
- 05 Aug, 2016 1 commit
The `SSLCopyPeerTrust` call can succeed but fail to return a trust object if it can't load the certificate chain and thus cannot check the validity of a certificate. This can lead to us calling `CFRelease` on a `NULL` trust object, causing a crash. Handle this by returning ECERTIFICATE.
Carlos Martín Nieto committed
- 06 May, 2016 1 commit
Lucas Derraugh committed
- 21 Apr, 2016 1 commit
Edward Thomson committed
- 10 Jul, 2015 1 commit
Edward Thomson committed
- 26 Jun, 2015 1 commit
Pierre-Olivier Latour committed
- 24 Jun, 2015 1 commit
If the libcurl stream is available, use that as the underlying stream instead of the socket stream. This allows us to set a proxy for HTTPS connections.
Carlos Martín Nieto committed
- 15 Jun, 2015 1 commit
Fix in stransport_stream.c for usage of SecCopyErrorMessageString(), which is unavailable to iOS targets.
Logan Collins committed
- 12 Jun, 2015 1 commit
The read and write callbacks passed to SSLSetIOFuncs() have been rewritten to match the implementation used on opensource.apple.com and other open source projects like VLC. This change also fixes a bug where the read callback could get into an infinite loop when 0 bytes were read.
Pierre-Olivier Latour committed
- 23 Apr, 2015 4 commits
On close, we might get a return code which looks like an error but just means that the other side closed gracefully. Handle that.
Carlos Martín Nieto committed
Anything SSL is deprecated. Let's make sure we don't try to use SSL v3 when talking to the server.
Carlos Martín Nieto committed
Do not automatically fail on a bad certificate, but let the caller decide. This means we don't need our switch on errors anymore but can return a string representation from the security framework.
Carlos Martín Nieto committed
As an alternative to OpenSSL when we're on OS X. This one can actually take advantage of stacking the streams.
Carlos Martín Nieto committed