- 24 May, 2018 4 commits
Carlos Martín Nieto committed
Carlos Martín Nieto committed
Carlos Martín Nieto committed
We might modify caches due to us trying to load the configuration to figure out what kinds of filesystem protections we should have.
Carlos Martín Nieto committed
- 23 May, 2018 4 commits
We still compare case-insensitively to protect more thoroughly as we don't know what specifics we'll see on the system and it's the behaviour from git.
Carlos Martín Nieto committed
When dealing with `core.protectNTFS` and `core.protectHFS` we do check against `.gitmodules` but we still have a failing test as the non-filesystem codepath does not check for it.
Carlos Martín Nieto committed
Any part of the library which asks the question can pass in the mode to have it checked against `.gitmodules` being a symlink. This is particularly relevant for adding entries to the index from the worktree and for checking out files.
Carlos Martín Nieto committed
This is so we have it available for the path validity checking. In a later commit we will start rejecting `.gitmodules` files as symlinks.
Carlos Martín Nieto committed
- 22 May, 2018 3 commits
We may take in names from the middle of a string so we want the caller to let us know how long the path component is that we should be checking.
Carlos Martín Nieto committed
We want to reject these as they cause compatibility issues and can lead to git writing to files outside of the repository.
Carlos Martín Nieto committed
These will be used by the checkout code to detect them for the particular filesystem they're on.
Carlos Martín Nieto committed
- 18 May, 2018 5 commits
These can't go into the public API yet as we don't want to introduce API or ABI changes in a security release.
Carlos Martín Nieto committed
Carlos Martín Nieto committed
Given a path component it knows what to pass to the filesystem-specific functions so we're protected even from trees which try to use the 8.3 naming rules to get around us matching on the filename exactly. The logic and test strings come from the equivalent git change.
Carlos Martín Nieto committed
It checks against the 8.3 shortname variants, including the one which includes the checksum as part of its name.
Carlos Martín Nieto committed
This lets us check for other kinds of reserved files.
Carlos Martín Nieto committed
- 14 May, 2018 1 commit
Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to protect Windows users. Ideally we would check for both separators without the need for the copied string, but this'll get us over the RCE.
Carlos Martín Nieto committed
- 09 May, 2018 1 commit
If we decide that the "name" of the submodule (i.e. its path inside `.git/modules/`) is trying to escape that directory or otherwise trick us, we ignore the configuration for that submodule. This leaves us with a half-configured submodule when looking it up by path, but it's the same result as if the configuration really were missing. The name check is potentially more strict than it needs to be, but it lets us re-use the check we're doing for the checkout. The function that encapsulates this logic is ready to be exported but we don't want to do that in a security release so it remains internal for now.
Carlos Martín Nieto committed
- 30 Apr, 2018 1 commit
We should pretend such submodules do not exist as it can lead to RCE.
Carlos Martín Nieto committed
- 22 Apr, 2018 3 commits
mbedTLS support
Edward Thomson committed
Configuration entry iteration in order
Edward Thomson committed
blame_git: fix coalescing step never being executed
Edward Thomson committed
- 20 Apr, 2018 9 commits
Fix leaks in master
Patrick Steinhardt committed
Leak fixes for v0.27.1
Patrick Steinhardt committed
worktree: Read worktree specific reflog for HEAD
Patrick Steinhardt committed
Valgrind log:
==2711== 305 (48 direct, 257 indirect) bytes in 1 blocks are definitely lost in loss record 576 of 624
==2711==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==2711==    by 0x5E079E: git__calloc (util.h:99)
==2711==    by 0x5E0D21: open_worktree_dir (worktree.c:134)
==2711==    by 0x5E0F23: git_worktree_lookup (worktree.c:176)
==2711==    by 0x5E1972: git_worktree_add (worktree.c:388)
==2711==    by 0x551F23: test_worktree_worktree__add_with_explicit_branch (worktree.c:292)
==2711==    by 0x45853E: clar_run_test (clar.c:222)
==2711==    by 0x4587E1: clar_run_suite (clar.c:286)
==2711==    by 0x458B04: clar_parse_args (clar.c:362)
==2711==    by 0x458CAB: clar_test_run (clar.c:428)
==2711==    by 0x45665C: main (main.c:24)
Etienne Samson committed
CID:1383993, "In git_refspec__dwim_one: All paths that lead to this null pointer comparison already dereference the pointer earlier (CWE-476)"
Etienne Samson committed
As per CID:1378747, we might be called with a NULL repo, which would be dereferenced in write_add_refspec
Etienne Samson committed
Etienne Samson committed
Valgrind log:
==17702== 18 bytes in 1 blocks are indirectly lost in loss record 69 of 1,123
==17702==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17702==    by 0x5FDBB49: strdup (strdup.c:42)
==17702==    by 0x632B3E: git__strdup (util.h:106)
==17702==    by 0x632D2C: git_reference__alloc_symbolic (refs.c:64)
==17702==    by 0x62E0AF: loose_lookup (refdb_fs.c:408)
==17702==    by 0x62E636: refdb_fs_backend__iterator_next (refdb_fs.c:565)
==17702==    by 0x62CD8E: git_refdb_iterator_next (refdb.c:147)
==17702==    by 0x6347F2: git_reference_next (refs.c:838)
==17702==    by 0x6345CB: git_reference_foreach (refs.c:748)
==17702==    by 0x66BE62: local_download_pack (local.c:579)
==17702==    by 0x5DB48F: git_fetch_download_pack (fetch.c:148)
==17702==    by 0x639028: git_remote_download (remote.c:932)
==17702==    by 0x63919A: git_remote_fetch (remote.c:969)
==17702==    by 0x4ABEDD: test_fetchhead_nonetwork__fetch_into_repo_with_symrefs (nonetwork.c:362)
==17702==    by 0x4125D9: clar_run_test (clar.c:222)
==17702==    by 0x41287C: clar_run_suite (clar.c:286)
==17702==    by 0x412DDE: clar_test_run (clar.c:433)
==17702==    by 0x4105E1: main (main.c:24)
Etienne Samson committed
fixed stack smashing due to wrong size of struct stat on the stack
Patrick Steinhardt committed
- 19 Apr, 2018 1 commit
on 32-bit systems with 64-bit file descriptor offsets enabled (added -D_FILE_OFFSET_BITS=64 when compiling the test suite)
Andreas Baumann committed
- 17 Apr, 2018 8 commits
scripts: add backporting script
Edward Thomson committed
worktree: add ability to create worktree with pre-existing branch
Edward Thomson committed
refs: preserve the owning refdb when duping reference
Edward Thomson committed
Edward Thomson committed
Edward Thomson committed
The CRLF data generator is somewhat obscure; add information about how to use it and what it does.
Edward Thomson committed
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
Update with vanilla Git 2.11.0 on Debian
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed