1. 29 May, 2018 2 commits
    • submodule: also validate Windows-separated paths for validity · 916af8ea
      Otherwise we would also admit `..\..\foo\bar` as a valid path and fail to
      protect Windows users.
      
      Ideally we would check for both separators without the need for the copied
      string, but this'll get us over the RCE.
      Carlos Martín Nieto committed
    • submodule: ignore submodules which include path traversal in their name · e6c757a7
      If we decide that the "name" of the submodule (i.e. its path inside
      `.git/modules/`) is trying to escape that directory or otherwise trick us, we
      ignore the configuration for that submodule.
      
      This leaves us with a half-configured submodule when looking it up by path, but
      it's the same result as if the configuration really were missing.
      
      The name check is potentially more strict than it needs to be, but it lets us
      re-use the check we're doing for the checkout. The function that encapsulates
      this logic is ready to be exported but we don't want to do that in a security
      release so it remains internal for now.
      Carlos Martín Nieto committed
  2. 09 Oct, 2017 1 commit
    • config: pass repository when opening config files · 529e873c
      Our current configuration logic is completely oblivious of any
      repository, but only cares for actual file paths. Unfortunately, we are
      forced to break this assumption by the introduction of conditional
      includes, which are evaluated in the context of a repository. Right now,
      only one conditional exists with "gitdir:" -- it will only include the
      configuration if the current repository's git directory matches the
      value passed to "gitdir:".
      
      To support these conditionals, we have to break our API and make the
      repository available when opening a configuration file. This commit
      extends the `open` call of configuration backends to include another
      repository and adjusts existing code to have it available. This includes
      the user-visible functions `git_config_add_file_ondisk` and
      `git_config_add_backend`.
      Patrick Steinhardt committed
  3. 25 Aug, 2017 1 commit
    • submodule: refuse lookup in bare repositories · 477b3e04
      While it is technically possible to look up submodules inside of a
      bare repository by reading the submodule configuration of a specific
      commit, we do not offer this functionality right now. As such, calling
      both `git_submodule_lookup` and `git_submodule_foreach` should error out
      early when these functions encounter a bare repository. While
      `git_submodule_lookup` already does return an error due to not being
      able to parse the configuration, `git_submodule_foreach` simply returns
      success and never invokes the callback function.
      
      Fix the issue by having both functions check whether the repository is
      bare and returning an error in that case.
      Patrick Steinhardt committed
  4. 03 Jul, 2017 1 commit
    • Make sure to always include "common.h" first · 0c7f49dd
      Next to including several files, our "common.h" header also declares
      various macros which are then used throughout the project. As such, we
      have to make sure to always include this file first in all
      implementation files. Otherwise, we might encounter problems or even
      silent behavioural differences due to macros or defines not being
      defined as they should be. So in fact, our header and implementation
      files should make sure to always include "common.h" first.
      
      This commit does so by establishing a common include pattern. Header
      files inside of "src" will now always include "common.h" as its first
      other file, separated by a newline from all the other includes to make
      it stand out as special. There are two cases for the implementation
      files. If they do have a matching header file, they will always include
      this one first, leading to "common.h" being transitively included as
      first file. If they do not have a matching header file, they instead
      include "common.h" as first file themselves.
      
      This fixes the outlined problems and will become our standard practice
      for header and source files inside of the "src/" from now on.
      Patrick Steinhardt committed
  5. 17 Mar, 2017 1 commit
    • submodule: resolve URLs relative to main worktree · b0c9bc92
      It is possible to specify submodule URLs relative to the repository
      location. E.g. having a submodule with URL "../submodule" will look for
      the submodule at "repo/../submodule".
      
      With the introduction of worktrees, though, we cannot simply resolve the
      URL relative to the repository location itself. If the repository for
      which a URL is to be resolved is a working tree, we have to resolve the
      URL relative to the parent's repository path. Otherwise, the URL would
      change depending on where the working tree is located.
      
      Fix this by special-casing when we have a working tree while getting the
      URL base.
      Patrick Steinhardt committed
  6. 14 Mar, 2017 1 commit
    • submodule: catch when submodule is not staged on update · 32ecc98e
      When calling `git_submodule_update` on a submodule, we have to retrieve
      the ID of the submodule entry in the index. If the function is called on
      a submodule which is only partly initialized, the submodule entry may
      not be added to the index yet. This leads to an assert when trying to
      look up the blob later on.
      
      Fix the issue by checking if the index actually holds the submodule's
      ID and erroring out if it does not.
      Patrick Steinhardt committed
  7. 17 Feb, 2017 3 commits
  8. 13 Feb, 2017 1 commit
    • repository: use `git_repository_item_path` · c5f3da96
      The recent introduction of the commondir variable of a repository
      requires callers to distinguish whether their files are part of
      the dot-git directory or the common directory shared between
      multiple worktrees. In order to take the burden from callers and
      unify knowledge on which files reside where, the
      `git_repository_item_path` function has been introduced which
      encapsulates this knowledge.
      
      Modify most existing callers of `git_repository_path` to use
      `git_repository_item_path` instead, thus making them implicitly
      aware of the common directory.
      Patrick Steinhardt committed
  9. 27 Jan, 2017 1 commit
    • Fix uninitialized variable warning · d0c418c0
      Fix the following warning emitted by clang:
      [ 16%] Building C object CMakeFiles/libgit2_clar.dir/src/submodule.c.o
      /Users/mplough/devel/external/libgit2/src/submodule.c:408:6: warning: variable 'i' is used uninitialized whenever 'if' condition is true
            [-Wsometimes-uninitialized]
              if ((error = load_submodule_names(names, cfg)))
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      /Users/mplough/devel/external/libgit2/src/submodule.c:448:20: note: uninitialized use occurs here
              git_iterator_free(i);
                                ^
      /Users/mplough/devel/external/libgit2/src/submodule.c:408:2: note: remove the 'if' if its condition is always false
              if ((error = load_submodule_names(names, cfg)))
              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      /Users/mplough/devel/external/libgit2/src/submodule.c:404:17: note: initialize the variable 'i' to silence this warning
              git_iterator *i;
                             ^
                              = NULL
      1 warning generated.
      Matthew Plough committed
  10. 23 Jan, 2017 3 commits
  11. 20 Jan, 2017 3 commits
    • Skip submodule head/index update when caching. · 673dff88
      `git_submodule_status` is very slow, bottlenecked on
      `git_repository_head_tree`, which it uses through `submodule_update_head`.  If
      the user has requested submodule caching, assume that they want this status
      cached too and skip it.
      
      Signed-off-by: David Turner <dturner@twosigma.com>
      Brock Peabody committed
    • Allow for caching of submodules. · 4d99c4cf
      Added `git_repository_submodule_cache_all` to initialize a cache of
      submodules on the repository so that operations looking up N
      submodules are O(N) and not O(N^2).  Added a
      `git_repository_submodule_cache_clear` function to remove the cache.
      
      Also optimized the function that loads all submodules as it was itself
      O(N^2) w.r.t the number of submodules, having to loop through the
      `.gitmodules` file once per submodule.  I changed it to process the
      `.gitmodules` file once, into a map.
      
      Signed-off-by: David Turner <dturner@twosigma.com>
      Brock Peabody committed
    • Fix formatting · ca05857e
      Signed-off-by: David Turner <dturner@twosigma.com>
      David Turner committed
  12. 29 Dec, 2016 1 commit
  13. 09 Oct, 2016 2 commits
  14. 28 Jun, 2016 1 commit
  15. 20 Mar, 2016 1 commit
  16. 11 Mar, 2016 1 commit
    • submodule: avoid passing NULL pointers to strncmp · 486302d6
      In C89 it is undefined behavior to pass `NULL` pointers to
      `strncmp` and later on in C99 it has been explicitly stated that
      functions with an argument declared as `size_t nmemb` specifying
      the array length shall always have valid parameters, no matter if
      `nmemb` is 0 or not (see ISO 9899 §7.21.1.2).
      
      The function `str_equal_no_trailing_slash` always passes its
      parameters to `strncmp` if their lengths match. This means if one
      parameter is `NULL` and the other one either `NULL` or a string
      with length 0 we will pass the pointers to `strncmp` and cause
      undefined behavior.
      
      Fix this by explicitly handling the case when both lengths are 0.
      Patrick Steinhardt committed
  17. 16 Feb, 2016 1 commit
  18. 11 Feb, 2016 1 commit
  19. 08 Dec, 2015 1 commit
  20. 04 Nov, 2015 1 commit
  21. 27 Sep, 2015 1 commit
  22. 24 Sep, 2015 1 commit
  23. 10 Sep, 2015 1 commit
  24. 28 Aug, 2015 1 commit
  25. 13 Jul, 2015 2 commits
  26. 11 Jul, 2015 1 commit
  27. 01 Jul, 2015 1 commit
    • submodule: correctly delimit the keys to use for lookup · e0af3cb3
      The regex we use to look at the gitmodules file does not correctly
      delimit the name of submodule which we want to look up and puts '.*'
      straight after the name, matching on any submodule which has the sought
      submodule as a prefix of its name.
      
      Add the missing '\.' in the regex so we want a full stop to exist both
      before and after the submodule name.
      Carlos Martín Nieto committed
  28. 29 Jun, 2015 3 commits
  29. 25 Jun, 2015 1 commit