- 09 Nov, 2018 1 commit
-
-
When parsing a signature's timezone offset, we first check whether there is a timezone at all by verifying that there are still bytes left to read following the time itself. The check thus looks like `time_end + 1 < buffer_end`, which is actually correct in this case. After setting the timezone's start pointer to that location, we compute the remaining bytes by using the formula `buffer_end - tz_start + 1`, re-using the previous `time_end + 1`. But this is in fact missing the braces around `(tz_start + 1)`, thus leading to an overestimation of the remaining bytes by a length of two. In case of a non-NUL terminated buffer, this will result in an overflow. The function `git_signature__parse` is only used in two locations. First is `git_signature_from_buffer`, which only accepts a string without a length. The string thus necessarily has to be NUL terminated and cannot trigger the issue. The other function is `git_commit__parse_raw`, which can in fact trigger the error as it may receive non-NUL terminated commit data. But as objects read from the ODB are always NUL-terminated by us as a cautionary measure, it cannot trigger the issue either. In other words, this error does not have any impact on security.
Patrick Steinhardt committed
-
- 18 Oct, 2018 1 commit
-
-
We use `git__strtol64` and `git__strtol32` to parse the trailing commit or author date and timezone of signatures. As signatures are usually part of a commit or tag object and thus essentially untrusted data, the buffer may be misformatted and may not be `NUL` terminated. This may lead to an out-of-bounds read. Fix the issue by using `git__strntol64` and `git__strntol32` instead.
Patrick Steinhardt committed
-
- 13 Jul, 2018 1 commit
-
-
C++ style comment ("//") are not specified by the ISO C90 standard and thus do not conform to it. While libgit2 aims to conform to C90, we did not enforce it until now, which is why quite a lot of these non-conforming comments have snuck into our codebase. Do a tree-wide conversion of all C++ style comments to the supported C style comments to allow us enforcing strict C90 compliance in a later commit.
Patrick Steinhardt committed
-
- 15 Jun, 2018 5 commits
-
-
Nika Layzell committed
-
Nika Layzell committed
-
Nika Layzell committed
-
Nika Layzell committed
-
Nika Layzell committed
-
- 12 Nov, 2017 1 commit
-
-
Git considers '-0000' a valid offset for signature lines. They need to be treated as _not_ equal to a '+0000' signature offset. Parsing a signature line stores the offset in a signed integer which does not distinguish between `+0` and `-0`. This patch adds an additional flag `sign` to the `git_time` in the `signature` object which is populated with the sign of the offset. In addition to exposing this information to the user, this information is also used to compare signatures. /cc @pks-t @ethomson
Henry Kleynhans committed
-
- 12 Jul, 2017 1 commit
-
-
If the signature is invalid but we detect that after allocating the strings, we free them. We however leave that pointer dangling in the structure the caller gave us, which can lead to double-free. Set these pointers to `NULL` after freeing their memory to avoid this.
Carlos Martín Nieto committed
-
- 03 Jul, 2017 1 commit
-
-
Next to including several files, our "common.h" header also declares various macros which are then used throughout the project. As such, we have to make sure to always include this file first in all implementation files. Otherwise, we might encounter problems or even silent behavioural differences due to macros or defines not being defined as they should be. So in fact, our header and implementation files should make sure to always include "common.h" first. This commit does so by establishing a common include pattern. Header files inside of "src" will now always include "common.h" as its first other file, separated by a newline from all the other includes to make it stand out as special. There are two cases for the implementation files. If they do have a matching header file, they will always include this one first, leading to "common.h" being transitively included as first file. If they do not have a matching header file, they instead include "common.h" as first file themselves. This fixes the outlined problems and will become our standard practice for header and source files inside of the "src/" from now on.
Patrick Steinhardt committed
-
- 01 May, 2017 1 commit
-
-
Edward Thomson committed
-
- 29 Dec, 2016 1 commit
-
-
Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
Edward Thomson committed
-
- 17 Dec, 2016 1 commit
-
-
Etc/GMT-14 aka UTC+14:00 is a thing.... https://en.wikipedia.org/wiki/UTC%2B14:00 Also allow offsets on the last minute (59). Addresses: https://bugs.debian.org/841532 Fixes: #3970
Andreas Henriksson committed
-
- 28 Apr, 2016 1 commit
-
-
Allow users to construct a signature from the type of signature lines that actually appear in commits.
Edward Thomson committed
-
- 18 Feb, 2016 1 commit
-
-
When checking for out of memory situations we usually use the GITERR_CHECK_ALLOC macro. Besides conforming to our current code base it adds the benefit of silencing errors in Coverity due to Coverity handling the macro's error path as abort.
Patrick Steinhardt committed
-
- 21 Oct, 2015 1 commit
-
-
Vicent Marti committed
-
- 27 Oct, 2014 1 commit
-
-
Commit the current patch of a rebase process.
Edward Thomson committed
-
- 30 Sep, 2014 1 commit
-
-
This will be used by the transaction code.
Carlos Martín Nieto committed
-
- 10 Sep, 2014 1 commit
-
-
A signature is made up of a non-empty name and a non-empty email so let's validate that. This also brings us more in line with git, which also rejects ident with an empty email.
Carlos Martín Nieto committed
-
- 07 May, 2014 1 commit
-
-
Accessing the repository's config and immediately taking a snapshot of it is a common operation, so let's provide a convenience function for it.
Carlos Martín Nieto committed
-
- 18 Apr, 2014 1 commit
-
-
This way we can assume we have a consistent view of the config situation when we're looking up remote, branch, pack-objects, etc.
Carlos Martín Nieto committed
-
- 08 Feb, 2014 1 commit
-
-
This adds an API to amend an existing commit, basically a shorthand for creating a new commit filling in missing parameters from the values of an existing commit. As part of this, I also added a new "sys" API to create a commit using a callback to get the parents. This allowed me to rewrite all the other commit creation APIs so that temporary allocations are no longer needed.
Russell Belfer committed
-
- 14 Jan, 2014 1 commit
-
-
This changes git_signature_dup to actually honor oom conditions raised by the call to git__strdup. It also aligns it with the error code return pattern used everywhere else.
Arthur Schreiber committed
-
- 13 Nov, 2013 1 commit
-
-
Ben Straub committed
-
- 16 Aug, 2013 1 commit
-
-
This adds a new API for creating a signature that uses the config to look up "user.name" and "user.email".
Russell Belfer committed
-
- 11 Jun, 2013 1 commit
-
-
There are all sorts of misconfiguration in the wild. We already rely on the signature constructor to trim SP. Extend the logic to use `isspace` to decide whether a character should be trimmed.
Carlos Martín Nieto committed
-
- 10 Jun, 2013 1 commit
-
-
This is a significant reorganization of the diff code to break it into a set of more clearly distinct files and to document the new organization. Hopefully this will make the diff code easier to understand and to extend. This adds a new `git_diff_driver` object that looks of diff driver information from the attributes and the config so that things like function content in diff headers can be provided. The full driver spec is not implemented in the commit - this is focused on the reorganization of the code and putting the driver hooks in place. This also removes a few #includes from src/repository.h that were overbroad, but as a result required extra #includes in a variety of places since including src/repository.h no longer results in pulling in the whole world.
Russell Belfer committed
-
- 02 Jun, 2013 1 commit
-
-
git doesn't do that, and it's not something that's usually actionable to fix. if you have a git repository with one bad timezone in the history, it's too late to change it most likely.
Scott J. Goldman committed
-
- 15 May, 2013 2 commits
-
-
nulltoken committed
-
Vicent Marti committed
-
- 18 Apr, 2013 1 commit
-
-
Nicolas Viennot committed
-
- 20 Feb, 2013 3 commits
-
-
Vicent Marti committed
-
Vicent Marti committed
-
Vicent Marti committed
-
- 21 Jan, 2013 1 commit
-
-
The commit time is already stored as a git_time_t, but we were parsing is as a uint32_t. This just switches the parser to use uint64_t which will handle dates further in the future (and adds some tests of those future dates).
Russell Belfer committed
-
- 08 Jan, 2013 1 commit
-
-
Edward Thomson committed
-
- 03 Dec, 2012 1 commit
-
-
Ben Straub committed
-
- 30 Nov, 2012 1 commit
-
-
Ben Straub committed
-
- 04 Sep, 2012 1 commit
-
-
nulltoken committed
-