1. 13 Sep, 2019 7 commits
  2. 12 Sep, 2019 1 commit
  3. 11 Sep, 2019 1 commit
  4. 10 Sep, 2019 3 commits
  5. 09 Sep, 2019 4 commits
  6. 28 Aug, 2019 1 commit
  7. 27 Aug, 2019 9 commits
  8. 26 Aug, 2019 1 commit
  9. 24 Aug, 2019 1 commit
  10. 23 Aug, 2019 11 commits
    • http: ensure the scheme supports the credentials · 4de51f9e
      When a server responds with multiple scheme support - for example,
      Negotiate and NTLM are commonly used together - we need to ensure that
      we choose a scheme that supports the credentials.
      Ian Hattendorf committed
    • Merge pull request #5054 from tniessen/util-use-64-bit-timer · 60319788
      util: use 64 bit timer on Windows
      Edward Thomson committed
    • Merge pull request #5200 from pks-t/pks/memory-allocation-audit · feac5945
      Memory allocation audit
      Edward Thomson committed
    • util: do not perform allocations in insertsort · 8cbef12d
      Our hand-rolled fallback sorting function `git__insertsort_r` does an
      in-place sort of the given array. As elements may not necessarily be
      pointers, it needs a way of swapping two values of arbitrary size, which
      is currently implemented by allocating a temporary buffer of the
      element's size. This is problematic, though, as the emulated `qsort`
      interface doesn't provide any return values and thus cannot signal an
      error if allocation of that temporary buffer has failed.
      
      Convert the function to swap via a temporary buffer allocated on the
      stack. Like this, it can `memcpy` contents of both elements in small
      batches without requiring a heap allocation. The buffer size has been
      chosen such that in most cases, a single iteration of copying will
      suffice. Most importantly, it can fully contain `git_oid` structures and
      pointers.
      
      Add a bunch of tests for the `git__qsort_r` interface to verify nothing
      breaks. Furthermore, this removes the declaration of `git__insertsort_r`
      and makes it static as it is not used anywhere else.
      Patrick Steinhardt committed
    • xdiff: catch memory allocation errors · f3b3e543
      The xdiff code contains multiple call sites where the results of
      `xdl_malloc` are not being checked for memory allocation errors.
      
      Add checks to fix possible segfaults due to `NULL` pointer accesses.
      Patrick Steinhardt committed
    • transports: http: check for memory allocation failures · c2dd895a
      When allocating a chunk that is used to write to HTTP streams, we do not
      check for memory allocation errors. This may lead us to write to a
      `NULL` pointer and thus cause a segfault.
      
      Fix this by adding a call to `GIT_ERROR_CHECK_ALLOC`.
      Patrick Steinhardt committed
    • trailer: check for memory allocation errors · 08699541
      The "trailer.c" code has been copied mostly verbatim from git.git with
      minor adjustments, only. As git.git's `xmalloc` function, which aborts
      on memory allocation errors, has been swapped out for `git_malloc`,
      which doesn't abort, we may inadvertently access `NULL` pointers.
      
      Add checks to fix this.
      Patrick Steinhardt committed
    • posix: fix direct use of `malloc` · 8c7d9761
      In "posix.c" there are multiple callsites which execute `malloc` instead
      of `git__malloc`. Thus, users of library are not able to track these
      allocations with a custom allocator.
      
      Convert these call sites to use `git__malloc` instead.
      Patrick Steinhardt committed
    • indexer: catch OOM when adding expected OIDs · a477bff1
      When adding OIDs to the indexer's map of yet-to-be-seen OIDs to verify
      that packfiles are complete, we do so by first allocating a new OID and
      then calling `git_oidmap_set` on it. There was no check for memory
      allocation errors in place, though, leading to possible segfaults due to
      trying to copy data to a `NULL` pointer.
      
      Verify the result of `git__malloc` with `GIT_ERROR_CHECK_ALLOC` to fix
      the issue.
      Patrick Steinhardt committed
    • merge: check return value of `git_commit_list_insert` · d4fe402b
      The function `git_commit_list_insert` dynamically allocates memory and
      may thus fail to insert a given commit, but we didn't check for that in
      several places in "merge.c".
      
      Convert surrounding functions to return error codes and check whether
      `git_commit_list_insert` was successful, returning an error if not.
      Patrick Steinhardt committed
    • blame_git: detect memory allocation errors · c0486188
      The code in "blame_git.c" was mostly imported from git.git with only
      minor changes. One of these changes was to use our own allocators
      instead of git's `xmalloc`, but there's a subtle difference: `xmalloc`
      would abort the program if unable to allocate any memory, bit
      `git__malloc` doesn't. As we didn't check for memory allocation errors
      in some places, we might inadvertently dereference a `NULL` pointer in
      out-of-memory situations.
      
      Convert multiple functions to return proper error codes and add calls to
      `GIT_ERROR_CHECK_ALLOC` to fix this.
      Patrick Steinhardt committed
  11. 21 Aug, 2019 1 commit
    • http: allow dummy negotiation scheme to fail to act · 1c847169
      The dummy negotiation scheme is used for known authentication strategies
      that do not wish to act.  For example, when a server requests the
      "Negotiate" scheme but libgit2 is not built with Negotiate support, and
      will use the "dummy" strategy which will simply not act.
      
      Instead of setting `out` to NULL and returning a successful code, return
      `GIT_PASSTHROUGH` to indicate that it did not act and catch that error
      code.
      Edward Thomson committed