1. 31 Jan, 2019 9 commits
    • changelog: this is 0.28 · 63f96cd0
      Edward Thomson committed
    • mbedtls: fix potential size overflow when reading or writing data · 0ceac0d0
      The mbedtls library uses a callback mechanism to allow downstream users
      to plug in their own receive and send functions. We implement `bio_read`
      and `bio_write` functions, which simply wrap the `git_stream_read` and
      `git_stream_write` functions, respectively.
      
      The problem arises due to the return value of the callback functions:
      mbedtls expects us to return an `int` containing the actual number of
      bytes that were read or written. But this is in fact completely
      misdesigned, as callers are allowed to pass in a buffer with length
      `SIZE_MAX`. We thus may be unable to represent the number of bytes
      written via the return value.
      
      Fix this by only ever reading or writing at most `INT_MAX` bytes.
      Patrick Steinhardt committed
    • mbedtls: make global variables static · 75918aba
      The mbedtls stream implementation makes use of some global variables
      which are not marked as `static`, even though they're only used in this
      compilation unit. Fix this and remove a duplicate declaration.
      Patrick Steinhardt committed
    • openssl: fix potential size overflow when writing data · 657197e6
      Our `openssl_write` function calls `SSL_write` by passing in both `data`
      and `len` arguments directly. Thing is, our `len` parameter is of type
      `size_t` and theirs is of type `int`. We thus need to clamp our length
      to be at most `INT_MAX`.
      Patrick Steinhardt committed
    • streams: handle short writes only in generic stream · 7613086d
      Now that the function `git_stream__write_full` exists and callers of
      `git_stream_write` have been adjusted, we can lift logic for short
      writes out of the stream implementations. Instead, this is now handled
      either by `git_stream__write_full` or by callers of `git_stream_write`
      directly.
      Patrick Steinhardt committed
    • streams: fix callers potentially only writing partial data · 5265b31c
      Similar to the write(3) function, implementations of `git_stream_write`
      do not guarantee that all bytes are written. Instead, they return the
      number of bytes that actually have been written, which may be smaller
      than the total number of bytes. Furthermore, due to an interface design
      issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as
      otherwise we cannot represent the number of bytes written to the caller.
      
      Unfortunately, no caller of `git_stream_write` ever checks the return
      value, except to verify that no error occurred. Due to this, they are
      susceptible to the case where only partial data has been written.
      
      Fix this by introducing a new function `git_stream__write_full`. In
      contrast to `git_stream_write`, it will always return either success or
      failure, without returning the number of bytes written. Thus, it is able
      to write all `SIZE_MAX` bytes and loop around `git_stream_write` until
      all data has been written. Adjust all callers except the BIO callbacks
      in our mbedtls and OpenSSL streams, which already do the right thing and
      require the amount of bytes written.
      Patrick Steinhardt committed
    • streams: make file-local functions static · 193e7ce9
      The callback functions that implement the `git_stream` structure are
      only used inside of their respective implementation files, but they are
      not marked as `static`. Fix this.
      Patrick Steinhardt committed
  2. 30 Jan, 2019 2 commits
  3. 28 Jan, 2019 7 commits
  4. 27 Jan, 2019 3 commits
  5. 26 Jan, 2019 4 commits
  6. 25 Jan, 2019 15 commits