Commit 749374314d9ebac4ccae3b2587019d41d1d89699

Patrick Steinhardt 2018-10-05T10:56:02

config_file: properly ignore includes without "path" value

In case a configuration includes a key "include.path=" without any value, the generated configuration entry will have its value set to `NULL`. This is unexpected by the logic handling includes, and as soon as we try to calculate the included path we will unconditionally dereference that `NULL` pointer and thus segfault.

Fix the issue by returning early in both `parse_include` and `parse_conditional_include` in case where the `file` argument is `NULL`. Add a test to avoid future regression.

The issue has been found by the oss-fuzz project, issue 10810.

(cherry picked from commit d06d4220eec035466d1a837972a40546b8904330)

diff --git a/src/config_file.c b/src/config_file.c
index 81339b4..721dbef 100644
--- a/src/config_file.c
+++ b/src/config_file.c
@@ -1598,7 +1598,7 @@ static int read_on_variable(
 	result = 0;
 
 	/* Add or append the new config option */
-	if (!git__strcmp(var->entry->name, "include.path")) {
+	if (!git__strcmp(var->entry->name, "include.path") && var->entry->value) {
 		struct reader *r;
 		git_buf path = GIT_BUF_INIT;
 		char *dir;
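Review bot: the guard added to the `include.path` comparison in `read_on_variable` does not match the commit message, which describes early returns in `parse_include` and `parse_conditional_include`; neither function appears in this diff. Since this is a cherry-pick, the message should be amended to describe the backported form of the fix, so that someone auditing the branch for the oss-fuzz finding can locate the actual check. A short comment next to `&& var->entry->value` saying that a valueless `include.path` yields a `NULL` value would also keep the condition from being simplified away later.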
diff --git a/tests/config/include.c b/tests/config/include.c
index f78fe96..36fc59b 100644
--- a/tests/config/include.c
+++ b/tests/config/include.c
@@ -96,6 +96,21 @@ void test_config_include__depth(void)
 	cl_git_pass(p_unlink("b"));
 }
 
+void test_config_include__empty_path_sanely_handled(void)
+{
+	git_config *cfg;
+	git_buf buf = GIT_BUF_INIT;
+
+	cl_git_mkfile("a", "[include]\npath");
+	cl_git_pass(git_config_open_ondisk(&cfg, "a"));
+	cl_git_pass(git_config_get_string_buf(&buf, cfg, "include.path"));
+	cl_assert_equal_s("", git_buf_cstr(&buf));
+
+	git_buf_free(&buf);
+	git_config_free(cfg);
+	cl_git_pass(p_unlink("a"));
+}
+
 void test_config_include__missing(void)
 {
 	git_config *cfg;
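Review bot: `test_config_include__empty_path_sanely_handled` only exercises the valueless form `"[include]\npath"`, so the empty-string case is left uncovered. The new `var->entry->value` check in `read_on_variable` rejects only `NULL`, which means a value of `""` would still enter the include branch. Consider adding a second case that writes `"[include]\npath ="` and asserts that opening the file succeeds, so both spellings of an include without a usable path are pinned down by the regression test.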