1. 09 Nov, 2018 1 commit
    • signature: fix out-of-bounds read when parsing timezone offset · 52f859fd
      When parsing a signature's timezone offset, we first check whether there
      is a timezone at all by verifying that there are still bytes left to
      read following the time itself. The check thus looks like `time_end + 1
      < buffer_end`, which is actually correct in this case. After setting the
      timezone's start pointer to that location, we compute the remaining
      bytes by using the formula `buffer_end - tz_start + 1`, re-using the
      previous `time_end + 1`. But this is in fact missing the braces around
      `(tz_start + 1)`, thus leading to an overestimation of the remaining
      bytes by a length of two. In case of a non-NUL terminated buffer, this
      will result in an overflow.
      
      The function `git_signature__parse` is only used in two locations. First
      is `git_signature_from_buffer`, which only accepts a string without a
      length. The string thus necessarily has to be NUL terminated and cannot
      trigger the issue.
      
      The other function is `git_commit__parse_raw`, which can in fact trigger
      the error as it may receive non-NUL terminated commit data. But as
      objects read from the ODB are always NUL-terminated by us as a
      cautionary measure, it cannot trigger the issue either.
      
      In other words, this error does not have any impact on security.
      Patrick Steinhardt committed
  2. 13 Jul, 2018 1 commit
    • treewide: remove use of C++ style comments · 9994cd3f
      C++ style comment ("//") are not specified by the ISO C90 standard and
      thus do not conform to it. While libgit2 aims to conform to C90, we did
      not enforce it until now, which is why quite a lot of these
      non-conforming comments have snuck into our codebase. Do a tree-wide
      conversion of all C++ style comments to the supported C style comments
      to allow us enforcing strict C90 compliance in a later commit.
      Patrick Steinhardt committed
  3. 12 Nov, 2017 1 commit
    • signature: distinguish +0000 and -0000 UTC offsets · f063dafb
      Git considers '-0000' a valid offset for signature lines.  They need to
      be treated as _not_ equal to a '+0000' signature offset.  Parsing a
      signature line stores the offset in a signed integer which does not
      distinguish between `+0` and `-0`.
      
      This patch adds an additional flag `sign` to the `git_time` in the
      `signature` object which is populated with the sign of the offset.  In
      addition to exposing this information to the user, this information is
      also used to compare signatures.
      
      /cc @pks-t @ethomson
      Henry Kleynhans committed
  4. 28 Apr, 2016 1 commit
  5. 21 Oct, 2015 1 commit
  6. 10 Sep, 2014 1 commit
  7. 14 Nov, 2013 1 commit
  8. 11 Jun, 2013 1 commit
  9. 15 May, 2013 1 commit
  10. 11 Jul, 2012 1 commit
  11. 17 May, 2012 1 commit
  12. 21 Mar, 2012 1 commit
    • Ported t04_commit.c to Clar. · e0799b6c
      Created a copy of tests/resources/testrepo.git that is compatible
      with the Clar sandboxing helpers.
      
      Restructured commit test suites to use Clar sandbox helpers.
      
      Now using typed data arrays rather than lots of macros to define test
      cases.
      Ben Straub committed