1. 25 Oct, 2018 1 commit
    • util: provide `git__memmem` function · 83e8a6b3
      Unfortunately, neither the `memmem` nor the `strnstr` functions are part
      of any C standard but are merely extensions of C that are implemented by
      e.g. glibc. Thus, there is no standardized way to search for a string in
      a block of memory with a limited size, and using `strstr` is to be
      considered unsafe in case where the buffer has not been sanitized. In
      fact, there are some uses of `strstr` in exactly that unsafe way in our
      codebase.
      
      Provide a new function `git__memmem` that implements the `memmem`
      semantics. That is in a given haystack of `n` bytes, search for the
      occurrence of a byte sequence of `m` bytes and return a pointer to the
      first occurrence. The implementation chosen is the "Not So Naive"
      algorithm from [1]. It was chosen as the implementation is comparably
      simple while still being reasonably efficient in most cases.
      Preprocessing happens in constant time and space, searching has a time
      complexity of O(n*m) with a slightly sub-linear average case.
      
      [1]: http://www-igm.univ-mlv.fr/~lecroq/string/
      Patrick Steinhardt committed
  2. 17 Oct, 2018 3 commits
  3. 15 Oct, 2018 3 commits
  4. 13 Oct, 2018 1 commit
  5. 12 Oct, 2018 1 commit
  6. 11 Oct, 2018 4 commits
    • Apply code review feedback · 463c21e2
      Nelson Elhage committed
    • fuzzers: add object parsing fuzzer · a1d5fd06
      Add a simple fuzzer that exercises our object parser code. The fuzzer
      is quite trivial in that it simply passes the input data directly to
      `git_object__from_raw` for each of the four object types.
      Patrick Steinhardt committed
    • object: properly propagate errors on parsing failures · 6562cdda
      When failing to parse a raw object fromits data, we free the
      partially parsed object but then fail to propagate the error to the
      caller. This may lead callers to operate on objects with invalid memory,
      which will sooner or later cause the program to segfault.
      
      Fix the issue by passing up the error code returned by `parse_raw`.
      Patrick Steinhardt committed
    • fuzzers: initialize libgit2 in standalone driver · 6956a954
      The standalone driver for libgit2's fuzzing targets makes use of
      functions from libgit2 itself. While this is totally fine to do, we need
      to make sure to always have libgit2 initialized via `git_libgit2_init`
      before we call out to any of these. While this happens in most cases as
      we call `LLVMFuzzerInitialize`, which is provided by our fuzzers and
      which right now always calls `git_libgit2_init`, one exception to this
      rule is our error path when not enough arguments have been given. In
      this case, we will call `git_vector_free_deep` without libgit2 having
      been initialized. As we did not set up our allocation functions in that
      case, this will lead to a segmentation fault.
      
      Fix the issue by always initializing and shutting down libgit2 in the
      standalone driver. Note that we cannot let this replace the
      initialization in `LLVMFuzzerInitialize`, as it is required when using
      the "real" fuzzers by LLVM without our standalone driver. It's no
      problem to call the initialization and deinitialization functions
      multiple times, though.
      Patrick Steinhardt committed
  7. 09 Oct, 2018 2 commits
  8. 07 Oct, 2018 3 commits
  9. 06 Oct, 2018 1 commit
    • ignore unsupported http authentication schemes · 475db39b
      auth_context_match returns 0 instead of -1 for unknown schemes to
      not fail in situations where some authentication schemes are supported
      and others are not.
      
      apply_credentials is adjusted to handle auth_context_match returning
      0 without producing authentication context.
      Anders Borum committed
  10. 05 Oct, 2018 12 commits
  11. 04 Oct, 2018 7 commits
  12. 03 Oct, 2018 2 commits
    • smart_pkt: do not accept callers passing in no line length · 1bc5b05c
      Right now, we simply ignore the `linelen` parameter of
      `git_pkt_parse_line` in case the caller passed in zero. But in fact, we
      never want to assume anything about the provided buffer length and
      always want the caller to pass in the available number of bytes.
      And in fact, checking all the callers, one can see that the funciton is
      never being called in case where the buffer length is zero, and thus we
      are safe to remove this check.
      Patrick Steinhardt committed
    • smart_pkt: return parsed length via out-parameter · c05790a8
      The `parse_len` function currently directly returns the parsed length of
      a packet line or an error code in case there was an error. Instead,
      convert this to our usual style of using the return value as error code
      only and returning the actual value via an out-parameter. Thus, we can
      now convert the output parameter to an unsigned type, as the size of a
      packet cannot ever be negative.
      
      While at it, we also move the check whether the input buffer is long
      enough into `parse_len` itself. We don't really want to pass around
      potentially non-NUL-terminated buffers to functions without also passing
      along the length, as this is dangerous in the unlikely case where other
      callers for that function get added. Note that we need to make sure
      though to not mess with `GIT_EBUFS` error codes, as these indicate not
      an error to the caller but that he needs to fetch more data.
      Patrick Steinhardt committed