1. 28 Nov, 2018 29 commits
  2. 25 Nov, 2018 2 commits
  3. 21 Nov, 2018 4 commits
    • transport: allow cred/cert callbacks to return GIT_PASSTHROUGH · a2e6e0ea
      Allow credential and certificate checking callbacks to return
      GIT_PASSTHROUGH, indicating that they do not want to act.
      Introduce this to support in both the http and ssh callbacks.
      Additionally, enable the same mechanism for certificate validation.
      
      This is most useful to disambiguate any meaning in the publicly exposed
      credential and certificate functions (`git_transport_smart_credentials`
      and `git_transport_smart_certificate_check`) but it may be more
      generally useful for callers to be able to defer back to libgit2.
      Edward Thomson committed
    • Merge pull request #4884 from libgit2/ethomson/index_iterator · 0e3e832d
      index: introduce git_index_iterator
      Patrick Steinhardt committed
    • Merge pull request #4894 from pks-t/pks/commit-author-oob · 94fce582
      commit: fix out-of-bound reads when parsing truncated author fields
      Edward Thomson committed
    • commit: fix out-of-bound reads when parsing truncated author fields · cb23c3ef
      While commit objects usually should have only one author field, our commit
      parser actually handles the case where a commit has multiple author fields
      because some tools that exist in the wild actually write them. Detection of
      those additional author fields is done by using a simple `git__prefixcmp`,
      checking whether the current line starts with the string "author ". In case
      where we are handed a non-NUL-terminated string that ends directly after the
      space, though, we may have an out-of-bounds read of one byte when trying to
      compare the expected final NUL byte.
      
      Fix the issue by using `git__prefixncmp` instead of `git_prefixcmp`.
      Unfortunately, a test cannot be easily written to catch this case. While we
      could test the last error message and verify that it didn't in fact fail parsing
      a signature (because that would indicate that it has in fact tried to parse the
      additional "author " field, which it shouldn't be able to detect in the first
      place), this doesn't work as the next line needs to be the "committer" field,
      which would error out with the same error message even if we hadn't done an
      out-of-bounds read.
      
      As objects read from the object database are always NUL terminated, this issue
      cannot be triggered in normal code and thus it's not security critical.
      Patrick Steinhardt committed
  4. 18 Nov, 2018 5 commits