1. 10 Apr, 2022 1 commit
    • tree: move git_oid into tree entry · ab042161
      A tree entry previously pointed directly into the object id within the
      tree object itself; this is useful to avoid any unnecessary memory copy
      (and an unnecessary use of 40 bytes per tree entry) but difficult if we
      change the underlying `git_oid` object to not simply be a raw object id
      but have additional structure.
      
      This commit moves the `git_oid` directly into the tree entry; this
      simplifies the tree entry creation from user data.  We now copy the
      `git_oid` into place when parsing.
      Edward Thomson committed
  2. 23 Feb, 2022 1 commit
  3. 22 Jan, 2019 1 commit
  4. 01 Dec, 2018 1 commit
  5. 02 Nov, 2018 3 commits
    • tree: fix integer overflow when reading unreasonably large filemodes · 7fafec0e
      The `parse_mode` option uses an open-coded octal number parser. The
      parser is quite naive in that it simply parses until hitting a character
      that is not in the accepted range of '0' - '7', completely ignoring the
      fact that we can at most accept a 16 bit unsigned integer as filemode.
      If the filemode is bigger than UINT16_MAX, it will thus overflow and
      provide an invalid filemode for the object entry.
      
      Fix the issue by using `git__strntol32` instead and doing a bounds
      check. As this function already handles overflows, it neatly solves the
      problem.
      
      Note that previously, `parse_mode` was also skipping the character
      immediately after the filemode. In proper trees, this should be a simple
      space, but in fact the parser accepted any character and simply skipped
      over it. As a consequence of using `git__strntol32`, we now need to an
      explicit check for a trailing whitespace after having parsed the
      filemode. Because of the newly introduced error message, the test
      object::tree::parse::mode_doesnt_cause_oob_read needs adjustment to its
      error message check, which in fact is a good thing as it demonstrates
      that we now fail looking for the whitespace immediately following the
      filemode.
      
      Add a test that shows that we will fail to parse such invalid filemodes
      now.
      Patrick Steinhardt committed
    • tree: fix mode parsing reading out-of-bounds · f647bbc8
      When parsing a tree entry's mode, we will eagerly parse until we hit a
      character that is not in the accepted set of octal digits '0' - '7'. If
      the provided buffer is not a NUL terminated one, we may thus read
      out-of-bounds.
      
      Fix the issue by passing the buffer length to `parse_mode` and paying
      attention to it. Note that this is not a vulnerability in our usual code
      paths, as all object data read from the ODB is NUL terminated.
      Patrick Steinhardt committed
    • tree: add various tests exercising the tree parser · d4ad658a
      We currently don't have any tests that directly exercise the tree
      parser. This is due to the fact that the parsers for raw object data has
      only been recently introduce with commit ca4db5f4 (object: implement
      function to parse raw data, 2017-10-13), and previous to that the setup
      simply was too cumbersome as it always required going through the ODB.
      
      Now that we have the infrastructure, add a suite of tests that directly
      exercise the tree parser and various edge cases.
      Patrick Steinhardt committed