- 23 Mar, 2018 3 commits
-
-
odb: fix writing to fake write streams
Edward Thomson committed -
In commit 7ec7aa4a (odb: assert on logic errors when writing objects, 2018-02-01), the check for whether we are trying to overflowing the fake stream buffer was changed from returning an error to raising an assert. The conversion forgot though that the logic around `assert`s are basically inverted. Previously, if the statement stream->written + len > steram->size evaluated to true, we would return a `-1`. Now we are asserting that this statement is true, and in case it is not we will raise an error. So the conversion to the `assert` in fact changed the behaviour to the complete opposite intention. Fix the assert by inverting its condition again and add a regression test.
Patrick Steinhardt committed -
Our mempack ODB backend has no test coverage at all right now. Add a simple test suite to at least have some coverage of the most basic operations on the ODB.
Patrick Steinhardt committed
-
- 20 Mar, 2018 3 commits
-
-
online tests: update auth for bitbucket test
Edward Thomson committed -
Update the settings to use a specific read-only token for accessing our test repositories in Bitbucket.
Edward Thomson committed -
Refactor `gitno_extract_url_parts`
Edward Thomson committed
-
- 19 Mar, 2018 11 commits
-
-
Edward Thomson committed
-
RFC 3986 says that hostnames can be percent encoded. Percent decode hostnames in our URLs.
Edward Thomson committed -
Edward Thomson committed
-
Now that we can decode percent-encoded strings as part of `git_buf`s, use that decoder in `gitno_extract_url_parts`.
Edward Thomson committed -
Use `git_buf_decode_percent` so that we can avoid allocating a temporary buffer.
Edward Thomson committed -
Introduce a function to take a percent-encoded string (URI encoded, described by RFC 1738) and decode it into a `git_buf`.
Edward Thomson committed -
Steven King Jr committed
-
Steven King Jr committed
-
Steven King Jr committed
-
online::clone: skip creds fallback test
Edward Thomson committed -
At present, we have three online tests against bitbucket: one which specifies the credentials in the payload, one which specifies the correct credentials in the URL and a final one that specifies the incorrect credentials in the URL. Bitbucket has begun responding to the latter test with a 403, which causes us to fail. Break these three tests into separate tests so that we can skip the latter until this is resolved on Bitbucket's end or until we can change the test to a different provider.
Edward Thomson committed
-
- 13 Mar, 2018 1 commit
-
-
pathspec: improve git_pathspec_flag_t doc rendering
Patrick Steinhardt committed
-
- 12 Mar, 2018 2 commits
-
-
Index parsing fixes
Edward Thomson committed -
config: specify how we match the regular expressions
Edward Thomson committed
-
- 11 Mar, 2018 1 commit
-
-
Carlos Martín Nieto committed
-
- 10 Mar, 2018 3 commits
-
-
When computing the complete path length from the encoded prefix-compressed path, we end up just allocating the complete path without ever checking what the encoded path length actually is. This can easily lead to a denial of service by just encoding an unreasonable long path name inside of the index. Git already enforces a maximum path length of 4096 bytes. As we also have that enforcement ready in some places, just make sure that the resulting path is smaller than GIT_PATH_MAX. Reported-by: Krishna Ram Prakash R <krp@gtux.in> Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
Patrick Steinhardt committed -
The index format in version 4 has prefix-compressed entries, where every index entry can compress its path by using a path prefix of the previous entry. Since implmenting support for this index format version in commit 5625d86b (index: support index v4, 2016-05-17), though, we do not correctly verify that the prefix length that we want to reuse is actually smaller or equal to the amount of characters than the length of the previous index entry's path. This can lead to a an integer underflow and subsequently to an out-of-bounds read. Fix this by verifying that the prefix is actually smaller than the previous entry's path length. Reported-by: Krishna Ram Prakash R <krp@gtux.in> Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
Patrick Steinhardt committed -
The function `read_entry` does not conform to our usual coding style of returning stuff via the out parameter and to use the return value for reporting errors. Due to most of our code conforming to that pattern, it has become quite natural for us to actually return `-1` in case there is any error, which has also slipped in with commit 5625d86b (index: support index v4, 2016-05-17). As the function returns an `size_t` only, though, the return value is wrapped around, causing the caller of `read_tree` to continue with an invalid index entry. Ultimately, this can lead to a double-free. Improve code and fix the bug by converting the function to return the index entry size via an out parameter and only using the return value to indicate errors. Reported-by: Krishna Ram Prakash R <krp@gtux.in> Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
Patrick Steinhardt committed
-
- 08 Mar, 2018 3 commits
-
-
Integer overflow
Patrick Steinhardt committed -
Jacques Germishuys committed
-
Jacques Germishuys committed
-
- 07 Mar, 2018 2 commits
-
-
deps: upgrade embedded zlib to version 1.2.11
Edward Thomson committed -
The current version of zlib bundled with libgit2 is version 1.2.8. This version has several CVEs assigned: - CVE-2016-9843 - CVE-2016-9841 - CVE-2016-9842 - CVE-2016-9840 Upgrade the bundled version to the current release 1.2.11, which has these vulnerabilities fixes.
Patrick Steinhardt committed
-
- 04 Mar, 2018 2 commits
-
-
CHANGELOG: mention the change to `git_odb_open_rstream`
Edward Thomson committed -
Worktree lock reason should be const
Edward Thomson committed
-
- 03 Mar, 2018 1 commit
-
-
Jacques Germishuys committed
-
- 02 Mar, 2018 2 commits
-
-
Jacques Germishuys committed
-
Carlos Martín Nieto committed
-
- 28 Feb, 2018 6 commits
-
-
Cast less blindly between configuration objects
Patrick Steinhardt committed -
curl: initialize and cleanup global curl state
Edward Thomson committed -
Instead of treating it as a no-op, treat it as a programming error and return the same kind of error as if you called to set or delete variables on a snapshot.
Carlos Martín Nieto committed -
tree: initialize the id we use for testing submodule insertions
Patrick Steinhardt committed -
win32: strncmp -> git__strncmp for win32 STDCALL
Patrick Steinhardt committed -
Our curl-based streams make use of the easy curl interface. This interface automatically initializes and de-initializes the global curl state by calling out to `curl_global_init` and `curl_global_cleanup`. Thus, all global state will be repeatedly re-initialized when creating multiple curl streams in succession. Despite being inefficient, this is not thread-safe due to `curl_global_init` being not thread-safe itself. Thus a multi-threaded programing handling multiple curl streams at the same time is inherently racy. Fix the issue by globally initializing and cleaning up curl's state.
Patrick Steinhardt committed
-