- 09 Nov, 2018 1 commit
-
-
When parsing a signature's timezone offset, we first check whether there is a timezone at all by verifying that there are still bytes left to read following the time itself. The check thus looks like `time_end + 1 < buffer_end`, which is actually correct in this case. After setting the timezone's start pointer to that location, we compute the remaining bytes by using the formula `buffer_end - tz_start + 1`, re-using the previous `time_end + 1`. But this is in fact missing the braces around `(tz_start + 1)`, thus leading to an overestimation of the remaining bytes by a length of two. In case of a non-NUL terminated buffer, this will result in an overflow. The function `git_signature__parse` is only used in two locations. First is `git_signature_from_buffer`, which only accepts a string without a length. The string thus necessarily has to be NUL terminated and cannot trigger the issue. The other function is `git_commit__parse_raw`, which can in fact trigger the error as it may receive non-NUL terminated commit data. But as objects read from the ODB are always NUL-terminated by us as a cautionary measure, it cannot trigger the issue either. In other words, this error does not have any impact on security.
Patrick Steinhardt committed
-
- 13 Jul, 2018 1 commit
-
-
C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
Patrick Steinhardt committed
-
- 12 Nov, 2017 1 commit
-
-
Git considers '-0000' a valid offset for signature lines. They need to be treated as _not_ equal to a '+0000' signature offset. Parsing a signature line stores the offset in a signed integer which does not distinguish between `+0` and `-0`. This patch adds an additional flag `sign` to the `git_time` in the `signature` object which is populated with the sign of the offset. In addition to exposing this information to the user, this information is also used to compare signatures. /cc @pks-t @ethomson
Henry Kleynhans committed
-
- 28 Apr, 2016 1 commit
-
-
Allow users to construct a signature from the type of signature lines that actually appear in commits.
Edward Thomson committed
-
- 21 Oct, 2015 1 commit
-
-
Vicent Marti committed
-
- 10 Sep, 2014 1 commit
-
-
A signature is made up of a non-empty name and a non-empty email so let's validate that. This also brings us more in line with git, which also rejects ident with an empty email.
Carlos Martín Nieto committed
-
- 14 Nov, 2013 1 commit
-
-
Ben Straub committed
-
- 11 Jun, 2013 1 commit
-
-
There are all sorts of misconfiguration in the wild. We already rely on the signature constructor to trim SP. Extend the logic to use `isspace` to decide whether a character should be trimmed.
Carlos Martín Nieto committed
-
- 15 May, 2013 1 commit
-
-
Vicent Marti committed
-
- 11 Jul, 2012 1 commit
-
-
nulltoken committed
-
- 17 May, 2012 1 commit
-
-
Vicent Martí committed
-
- 21 Mar, 2012 1 commit
-
-
Created a copy of tests/resources/testrepo.git that is compatible with the Clar sandboxing helpers. Restructured commit test suites to use Clar sandbox helpers. Now using typed data arrays rather than lots of macros to define test cases.
Ben Straub committed
-