|
f673e232
|
2018-12-27T13:47:34
|
|
git_error: use new names in internal APIs and usage
Move to the `git_error` name in the internal API for error-related
functions.
|
|
647dfdb4
|
2019-01-10T22:13:07
|
|
git_error: deprecate error values
Replace the `GITERR` values with a `const int` to deprecate error
values.
|
|
20961b98
|
2018-12-26T14:06:21
|
|
git_error: use full class name in public error API
Move to the `git_error` name in error-related functions, deprecating the
`giterr` functions. This means, for example, that `giterr_last` is now
`git_error_last`. The old names are retained for compatibility.
This only updates the public API; internal API and function usage
remains unchanged.
|
|
f7416509
|
2019-01-20T20:15:31
|
|
Fix odb foreach to also close on positive error code
In include/git2/odb.h it states that callback can also return
positive value which should break looping.
Implementations of git_odb_foreach() and pack_backend__foreach()
did not respect that.
|
|
b8b796c1
|
2019-01-20T18:09:43
|
|
repository: free memory in symlink detection function
|
|
86b522bd
|
2019-01-20T14:27:57
|
|
Merge pull request #4945 from libgit2/ethomson/fix-intrinsics
Add/multiply with overflow tweaks
|
|
75444d97
|
2019-01-20T13:52:46
|
|
add with overflow: correct documentation
Correct the documentation on the fallback add/multiply with overflow
functions.
|
|
abbc07f1
|
2019-01-20T13:51:15
|
|
add with overflow: use SizeTAdd on Windows
Windows provides <intsafe.h> which provides "performant" add and
multiply with overflow operations. Use them when possible.
|
|
c6d47acf
|
2019-01-20T13:04:10
|
|
Remove unused git__add_uint64_overflow
|
|
f04f1c7e
|
2019-01-20T13:00:53
|
|
add with overflow intrinsics: simplify tests
Use the smallest unsigned type that is equivalent to `size_t` to
simplify the conditionals. Error if we're on a system that we believe
offers builtins but we cannot determine which one to use.
|
|
1758636b
|
2019-01-19T01:38:34
|
|
Merge pull request #4939 from libgit2/ethomson/git_ref
Move `git_ref_t` to `git_reference_t`
|
|
b2c2dc64
|
2019-01-19T01:36:40
|
|
Merge pull request #4940 from libgit2/ethomson/git_obj
More `git_obj` to `git_object` updates
|
|
abe23675
|
2019-01-17T20:09:05
|
|
Merge pull request #4925 from lhchavez/fix-a-bunch-of-warnings
Fix a bunch of warnings
|
|
83151018
|
2019-01-17T10:47:32
|
|
object_type: convert final internal users to new names
Update some missed types that were continuing to use the old `GIT_OBJ`
names.
|
|
cd350852
|
2019-01-17T10:40:13
|
|
object_type: GIT_OBJECT_BAD is now GIT_OBJECT_INVALID
We use the term "invalid" to refer to bad or malformed data, eg
`GIT_REF_INVALID` and `GIT_EINVALIDSPEC`. Since we're changing the
names of the `git_object_t`s in this release, update it to be
`GIT_OBJECT_INVALID` instead of `BAD`.
|
|
ed8cfbf0
|
2019-01-17T00:32:31
|
|
references: use new names in internal usage
Update internal usage to use the `git_reference` names for constants.
|
|
35d86c77
|
2019-01-14T10:14:36
|
|
proxy: fix crash on remote connection with GIT_PROXY_AUTO but no proxy is detected
|
|
2848923a
|
2019-01-08T17:32:23
|
|
Let GCC use the add/mul overflow intrinsics
This change tweaks the macros for git__{add,multiply}_sizet_overflow so
that GCC can use them.
It also stops using the uadd,umul versions since the add,mul can handle
way more cases.
|
|
c6bfaf14
|
2019-01-09T06:58:40
|
|
Explanation for the rationale behind splitting formatting
|
|
1305cd4e
|
2019-01-09T09:55:26
|
|
Merge pull request #4926 from csware/warning-c4133
Fix warning 'function': incompatible types - from 'git_cvar_value *' to 'int *' (C4133) on VS
|
|
728101e3
|
2019-01-08T17:35:16
|
|
Move the intrinsics part of the change to its own PR
Less controversial changes together is better.
|
|
8b599528
|
2019-01-08T17:26:14
|
|
Fix Linux warnings
This change fixes -Wmaybe-uninitialized and -Wdeprecated-declarations
warnings on Linux builds
|
|
45001906
|
2019-01-07T16:14:51
|
|
Fix warning 'function': incompatible types - from 'git_cvar_value *' to 'int *' (C4133) on VS
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
321d19c1
|
2019-01-06T08:36:06
|
|
Windows is hard.
|
|
b5e8272f
|
2019-01-06T08:29:56
|
|
Attempt at fixing the MingW64 compilation
It seems like MingW64's size_t is defined differently than in Linux.
|
|
7b453e7e
|
2019-01-05T22:12:48
|
|
Fix a bunch of warnings
This change fixes a bunch of warnings that were discovered by compiling
with `clang -target=i386-pc-linux-gnu`. It turned out that the
intrinsics were not necessarily being used in all platforms! Especially
in GCC, since it does not support __has_builtin.
Some more warnings were gleaned from the Windows build, but I stopped
when I saw that some third-party dependencies (e.g. zlib) have warnings
of their own, so we might never be able to enable -Werror there.
|
|
d9eae98b
|
2018-10-24T01:30:12
|
|
refs: assert that we're passed valid refs when renaming
CID 1382962
|
|
0a8745f2
|
2018-10-24T01:26:48
|
|
diff: assert that we're passed a valid git_diff object
CID 1386176, 1386177, 1388219
|
|
9c23552c
|
2018-10-24T01:21:21
|
|
submodule: grab the error while loading from config
Previously, an error in `git_config_next` would be mistaken as a
successful load, because the previous call would have succeeded.
Coverity saw the subsequent check for a completed iteration as dead, so
let's make it useful again.
CID 1391374
|
|
9f714dec
|
2018-08-17T18:51:56
|
|
config: assert that our parameters are valid
CID 1395011
|
|
fba70a9d
|
2019-01-03T12:02:06
|
|
Merge pull request #4919 from pks-t/pks/shutdown-cb-count
Shutdown callback count
|
|
9084712b
|
2019-01-03T12:01:52
|
|
Merge pull request #4904 from libgit2/ethomson/crlf
Update CRLF filtering to match modern git
|
|
b46c3594
|
2019-01-02T09:33:55
|
|
global: move init callbacks into an array
We currently have an explicit callchain of all the initialization
callbacks in our `init_common` function. This is perfectly fine, but
requires us to manually keep track of how many shutdown callbacks there
may be installed: to avoid allocations before libgit2 is fully
initialized, we assume that every initializer may register at most one
shutdown function. These shutdown functions are stored in a static array
of size `MAX_SHUTDOWN_CB`, which then needs to be updated manually
whenever a new initializer function is being added.
The situation can be easily fixed: convert the callchain of init
functions into an array and iterate over it to initialize all
subsystems. This allows us to define the `git__shutdown_callbacks` array
with the same size as the initializer array and rids us of the need to
always update `MAX_SHUTDOWN_CB`.
|
|
03dc6480
|
2019-01-02T09:27:44
|
|
hash: convert `global_init` macros to real function
The `git_hash_global_init` function is simply defined as a macro to zero
for most of the different hash implementations. This makes it impossible
to treat it like a function pointer, which is required for a later
commit where we want to improve the way global initialization works.
Fix the issue by converting all no-op macros to an inline function
returning zero.
There's a small gotcha here, though: as most hash implementations only
have a header file, but not a corresponding implementation file, we
cannot declare the function as non-static. But declaring it as `static
inline` fails, too, as there is a previous declaration as non-static. So
we have to move the function declaration after the include that brings
in the function definition, as it is allowed to have a non-static
declaration after a static definition, but not the other way round.
|
|
8dde7e11
|
2018-12-19T11:04:58
|
|
refdb_fs: refactor error handling in `refdb_reflog_fs__delete`
The function `refdb_reflog_fs__delete` uses the `if (!error && foobar())`
pattern of checking, where error conditions are being checked by following calls
to different code. This does not match our current style, where the call-site of
a function is usually directly responsible for checking the return value.
Convert the function to use `if ((error = foobar()) < 0) goto out;` style. Note
that this changes the code flow a bit: previously, we were always trying to
delete empty reference hierarchies even if deleting the reflog entry has failed.
This wasn't much of a problem -- if deletion failed, the hierarchy will still
contain at least one file and thus the function call was an expensive no-op.
Now, we will only perform this deletion if we have successfully removed the
reflog.
|
|
bc219657
|
2018-12-19T11:01:55
|
|
Merge pull request #4833 from csware/drop-empty-dirs
Remove empty (sub-)directories when deleting refs
|
|
6ea9381b
|
2018-12-14T14:43:09
|
|
annotated_commit: peel to commit instead of assuming we have one
We want to allow the creation of annotated commits out of annotated tags and for
that we have to peel the reference all the way to the commit instead of stopping
at the first id it provides.
|
|
5bd78c48
|
2018-12-14T14:41:17
|
|
refs: constify git_reference_peel
We have no need to take a non-const reference. This does involve some other work
to make sure we don't mix const and non-const variables, but by splitting what
we want each variable to do we can also simplify the logic for when we do want
to free a new reference we might have allocated.
|
|
da8138b0
|
2018-12-06T12:59:17
|
|
Merge pull request #4906 from QBobWatson/bugfix
Fix segfault in loose_backend__readstream
|
|
2f3c4b69
|
2018-12-06T10:48:20
|
|
Typesetting conventions
|
|
f4835e44
|
2018-12-04T21:48:12
|
|
make proxy_stream_close close target stream even on errors
When git_filter_apply_fn callback returns a error while smudging proxy_stream_close
ends up returning without closing the stream. This is turn makes blob_content_to_file
crash as it asserts the stream being closed whether there are errors or not.
Closing the target stream on error fixes this problem.
|
|
08afdb57
|
2018-12-04T10:59:25
|
|
Removed one null check
|
|
36f80742
|
2018-12-04T10:12:24
|
|
Fix segfault in loose_backend__readstream
If the routine exits with error before stream or hash_ctx is initialized, the
program will segfault when trying to free them.
|
|
ef8f8ec6
|
2018-12-03T13:35:30
|
|
crlf: update to match git's logic
Examine the recent CRLF changes to git by Torsten Bögershausen and
include similar changes to update our CRLF logic to match.
Note: Torsten Bögershausen has previously agreed to allow his changes to
be included in libgit2.
|
|
168fe39b
|
2018-11-28T14:26:57
|
|
object_type: use new enumeration names
Use the new object_type enumeration names within the codebase.
|
|
18e71e6d
|
2018-11-28T13:31:06
|
|
index: use new enum and structure names
Use the new-style index names throughout our own codebase.
|
|
0ddc6094
|
2018-11-30T09:46:14
|
|
Merge pull request #4770 from tiennou/feature/merge-analysis-any-branch
Allow merge analysis against any reference
|
|
e7873eb2
|
2018-11-29T08:00:31
|
|
Merge pull request #4888 from TheBB/add-cb
revwalk: Allow changing hide_cb
|
|
487233fa
|
2018-11-29T07:21:41
|
|
Merge pull request #4895 from pks-t/pks/unused-warnings
Unused function warnings
|
|
a904fc6d
|
2018-11-28T20:31:30
|
|
Merge pull request #4870 from libgit2/ethomson/proxy
Add builtin proxy support for the http transport
|
|
30ac46aa
|
2018-11-28T10:12:43
|
|
http: reset replay_count upon connection
Reset the replay_count upon a successful connection. It's possible that
we could encounter a situation where we connect successfully but need to
replay a request - for example, a connection and initial request
succeeds without authentication but a subsequent call does require
authentication. Reset the replay count upon any successful request to
afford subsequent replays room to manuever.
|
|
02bb39f4
|
2018-11-22T08:49:09
|
|
stream registration: take an enum type
Accept an enum (`git_stream_t`) during custom stream registration that
indicates whether the registration structure should be used for standard
(non-TLS) streams or TLS streams.
|
|
52478d7d
|
2018-11-18T19:54:49
|
|
http: don't allow SSL connections to a proxy
Temporarily disallow SSL connections to a proxy until we can understand
the valgrind warnings when tunneling OpenSSL over OpenSSL.
|
|
41f620d9
|
2018-11-18T19:10:50
|
|
http: only load proxy configuration during connection
Only load the proxy configuration during connection; we need this data
when we're going to connect to the server, however we may mutate it
after connection (connecting through a CONNECT proxy means that we
should send requests like normal). If we reload the proxy configuration
but do not actually reconnect (because we're in a keep-alive session)
then we will reload the proxy configuration that we should have mutated.
Thus, only load the proxy configuration when we know that we're going to
reconnect.
|
|
43b592ac
|
2018-10-25T08:49:01
|
|
tls: introduce a wrap function
Introduce `git_tls_stream_wrap` which will take an existing `stream`
with an already connected socket and begin speaking TLS on top of it.
This is useful if you've built a connection to a proxy server and you
wish to begin CONNECT over it to tunnel a TLS connection.
Also update the pluggable TLS stream layer so that it can accept a
registration structure that provides an `init` and `wrap` function,
instead of a single initialization function.
|
|
df2cc108
|
2018-11-18T10:29:07
|
|
stream: provide generic registration API
Update the new stream registration API to be `git_stream_register`
which takes a registration structure and a TLS boolean. This allows
callers to register non-TLS streams as well as TLS streams.
Provide `git_stream_register_tls` that takes just the init callback for
backward compatibliity.
|
|
0467606f
|
2018-11-18T11:00:11
|
|
http: disallow repeated headers from servers
Don't allow servers to send us multiple Content-Type, Content-Length
or Location headers.
|
|
21142c5a
|
2018-10-29T10:04:48
|
|
http: remove cURL
We previously used cURL to support HTTP proxies. Now that we've added
this support natively, we can remove the curl dependency.
|
|
2878ad08
|
2018-10-29T08:59:33
|
|
streams: remove unused tls functions
The implementations of git_openssl_stream_new and
git_mbedtls_stream_new have callers protected by #ifdefs and
are never called unless compiled in. There's no need for a
dummy implementation. Remove them.
|
|
5d4e1e04
|
2018-10-28T21:27:56
|
|
http: use CONNECT to talk to proxies
Natively support HTTPS connections through proxies by speaking CONNECT
to the proxy and then adding a TLS connection on top of the socket.
|
|
b2ed778a
|
2018-11-18T22:20:10
|
|
http transport: reset error message on cert failure
Store the error message from the underlying TLS library before calling
the certificate callback. If it refuses to act (demonstrated by
returning GIT_PASSTHROUGH) then restore the error message. Otherwise,
if the callback does not set an error message, set a sensible default
that implicates the callback itself.
|
|
2ce2315c
|
2018-10-22T17:33:45
|
|
http transport: support cert check for proxies
Refactor certificate checking so that it can easily be called for
proxies or the remote server.
|
|
74c6e08e
|
2018-10-22T14:56:53
|
|
http transport: provide proxy credentials
|
|
496da38c
|
2018-10-22T12:48:45
|
|
http transport: refactor storage
Create a simple data structure that contains information about the
server being connected to, whether that's the actual remote endpoint
(git server) or an intermediate proxy. This allows for organization of
streams, authentication state, etc.
|
|
6af8572c
|
2018-10-22T11:29:01
|
|
http transport: cap number of authentication replays
Put a limit on the number of authentication replays in the HTTP
transport. Standardize on 7 replays for authentication or redirects,
which matches the behavior of the WinHTTP transport.
|
|
22654812
|
2018-10-22T11:24:05
|
|
http transport: prompt for proxy credentials
Teach the HTTP transport how to prompt for proxy credentials.
|
|
0328eef6
|
2018-10-22T11:14:06
|
|
http transport: further refactor credential handling
Prepare credential handling to understand both git server and proxy
server authentication.
|
|
32cb56ce
|
2018-10-22T10:16:54
|
|
http transport: refactor credential handling
Factor credential handling into its own function. Additionally, add
safety checks to ensure that we are in a valid state - that we have
received a valid challenge from the server and that we have
configuration to respond to that challenge.
|
|
e6e399ab
|
2018-10-22T09:49:54
|
|
http transport: use HTTP proxies when requested
The HTTP transport should understand how to apply proxies when
configured with `GIT_PROXY_SPECIFIED` and `GIT_PROXY_SPECIFIED`.
When a proxy is configured, the HTTP transport will now connect
to the proxy (instead of directly to the git server), and will
request the properly-formed URL of the git server endpoint.
|
|
e6f1931a
|
2018-10-22T00:09:24
|
|
http: rename http subtransport's `io` to `gitserver_stream`
Rename `http_subtransport->io` to `http_subtransport->gitserver_stream`
to clarify its use, especially as we might have additional streams (eg
for a proxy) in the future.
|
|
c07ff4cb
|
2018-10-21T14:17:06
|
|
http: rename `connection_data` -> `gitserver_data`
Rename the `connection_data` struct member to `gitserver_data`, to
disambiguate future `connection_data`s that apply to the proxy, not the
final server endpoint.
|
|
ed72465e
|
2018-10-13T19:16:54
|
|
proxy: propagate proxy configuration errors
|
|
dcd00638
|
2018-11-28T14:45:55
|
|
Merge pull request #4898 from pks-t/pks/config-parent-is-file
config: fix adding files if their parent directory is a file
|
|
f2f5ec84
|
2018-11-23T19:27:09
|
|
khash: move khash include into implementation files
The current map implementations directly include the "khash.h" headers
into their own headers to make available a set of static functions,
defines et cetera. Besides leaking the complete khash namespace into
files wherever khashes are used, this also triggers Clang's
-Wunused-function warnings when some of the static functions are not
being used at all.
Fix the issue by moving the includes into the respective map
implementation files. Add forward declares for all the map types to make
them known.
|
|
852bc9f4
|
2018-11-23T19:26:24
|
|
khash: remove intricate knowledge of khash types
Instead of using the `khiter_t`, `git_strmap_iter` and `khint_t` types,
simply use `size_t` instead. This decouples code from the khash stuff
and makes it possible to move the khash includes into the implementation
files.
|
|
5bfb3b58
|
2018-11-23T18:48:40
|
|
khash: implement map-specific foreach macros
The current foreach map macros simply redirect to the type-indifferent
`kh_foreach` macro. As this type-indifferent macro directly accesses the
structures, the current implementation makes it impossible to make the
stuctures private to the implementation only. And making them private is
required to move out the khash include into the implementations to
decrease the namespace leak.
|
|
382b668b
|
2018-11-23T18:38:18
|
|
khash: implement begin/end via functions instead of macros
Right now, the `git_*map_begin()` and `git_*map_end()` helpers are
implemented via macros which simply redirect to `kh_begin` and `kh_end`.
As these macros refer to members of the map structures, they make it
impossible to move the khash include into the implementation files.
Implement these helpers as real functions instead to further decouple
the headers from implementations.
|
|
ae765d00
|
2018-11-23T19:26:48
|
|
submodule: remove string map implementation that strips trailing slashes
The submodule code currently has its own implementation of a string map,
which overrides the hashing and hash equals functions with functions
that ignore potential trailing slashes. These functions aren't actually
used by our code, making them useless.
|
|
02789782
|
2018-11-23T18:37:57
|
|
idxmap: remove unused foreach macros
The foreach macros of the idxmap types are not used anywhere. As we are
about to open-code all foreach macros for the maps in order to be able
to make the khash structure internal, removing these unused macros will
leave a few places less that need conversion.
|
|
b2af13f2
|
2018-11-21T12:07:23
|
|
iterator: remove unused function `tree_iterator_entry_cmp`
The function `tree_iterator_entry_cmp` has been introduced in commit be30387e8
(iterators: refactored tree iterator, 2016-02-25), but in fact it has never been
used at all. Remove it to avoid unused function warnings as soon as we re-enable
"-Wunused-functions".
|
|
0836f069
|
2018-11-14T16:08:30
|
|
revwalk: Allow changing hide_cb
Since git_revwalk objects are encouraged to be reused, a public
interface for changing hide_cb is desirable.
|
|
c97d302d
|
2018-11-28T13:45:41
|
|
Merge pull request #4879 from libgit2/ethomson/defer_cert_cred_cb
Allow certificate and credential callbacks to decline to act
|
|
43cbe6b7
|
2018-11-28T13:36:47
|
|
config: fix adding files if their parent directory is a file
When we try to add a configuration file with `git_config_add_file_ondisk`, we
treat nonexisting files as empty. We do this by performing a stat call, ignoring
ENOENT errors. This works just fine in case the file or any of its parents
simply does not exist, but there is also the case where any of the parent
directories is not a directory, but a file. So e.g. trying to add a
configuration file "/dev/null/.gitconfig" will fail, as `errno` will be ENOTDIR
instead of ENOENT.
Catch ENOTDIR in addition to ENOENT to fix the issue. Add a test that verifies
we are able to add configuration files with such an invalid path file just fine.
|
|
f0714daf
|
2018-11-25T13:36:29
|
|
Fix warning C4133 incompatible types in MSVC
Introduced in commit b433a22a979ae78c28c8b16f8c3487e2787cb73e.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
a2e6e0ea
|
2018-11-06T14:15:43
|
|
transport: allow cred/cert callbacks to return GIT_PASSTHROUGH
Allow credential and certificate checking callbacks to return
GIT_PASSTHROUGH, indicating that they do not want to act.
Introduce this to support in both the http and ssh callbacks.
Additionally, enable the same mechanism for certificate validation.
This is most useful to disambiguate any meaning in the publicly exposed
credential and certificate functions (`git_transport_smart_credentials`
and `git_transport_smart_certificate_check`) but it may be more
generally useful for callers to be able to defer back to libgit2.
|
|
0e3e832d
|
2018-11-21T13:30:01
|
|
Merge pull request #4884 from libgit2/ethomson/index_iterator
index: introduce git_index_iterator
|
|
cb23c3ef
|
2018-11-21T10:54:29
|
|
commit: fix out-of-bound reads when parsing truncated author fields
While commit objects usually should have only one author field, our commit
parser actually handles the case where a commit has multiple author fields
because some tools that exist in the wild actually write them. Detection of
those additional author fields is done by using a simple `git__prefixcmp`,
checking whether the current line starts with the string "author ". In case
where we are handed a non-NUL-terminated string that ends directly after the
space, though, we may have an out-of-bounds read of one byte when trying to
compare the expected final NUL byte.
Fix the issue by using `git__prefixncmp` instead of `git_prefixcmp`.
Unfortunately, a test cannot be easily written to catch this case. While we
could test the last error message and verify that it didn't in fact fail parsing
a signature (because that would indicate that it has in fact tried to parse the
additional "author " field, which it shouldn't be able to detect in the first
place), this doesn't work as the next line needs to be the "committer" field,
which would error out with the same error message even if we hadn't done an
out-of-bounds read.
As objects read from the object database are always NUL terminated, this issue
cannot be triggered in normal code and thus it's not security critical.
|
|
11d33df8
|
2018-11-18T23:39:43
|
|
Merge branch 'tiennou/fix/logallrefupdates-always'
|
|
e226ad8f
|
2018-11-17T17:55:10
|
|
refs: add support for core.logAllRefUpdates=always
Since we were not expecting this config entry to contain a string, we
would fail as soon as its (cached) value would be accessed. Hence,
provide some constants for the 4 states we use, and account for "always"
when we decide to reflog changes.
|
|
646a94be
|
2018-11-18T23:15:56
|
|
Merge pull request #4847 from noahp/noahp/null-arg-fixes
tests: 🌀 address two null argument instances
|
|
5c213e29
|
2018-11-18T22:59:03
|
|
Merge pull request #4875 from tiennou/fix/openssl-errors
Some OpenSSL issues
|
|
4ef2b889
|
2018-11-18T22:56:28
|
|
Merge pull request #4882 from kc8apf/include_port_in_host_header
transport/http: Include non-default ports in Host header
|
|
7321cff0
|
2018-11-15T09:17:51
|
|
Merge pull request #4713 from libgit2/ethomson/win_symlinks
Support symlinks on Windows when core.symlinks=true
|
|
8ee10098
|
2018-11-06T13:10:30
|
|
transport: see if cert/cred callbacks exist before calling them
Custom transports may want to ask libgit2 to invoke a configured
credential or certificate callback; however they likely do not know if a
callback was actually configured. Return a sentinal value
(GIT_PASSTHROUGH) if there is no callback configured instead of crashing.
|
|
c358bbc5
|
2018-11-12T17:22:47
|
|
index: introduce git_index_iterator
Provide a public git_index_iterator API that is backed by an index
snapshot. This allows consumers to provide a stable iteration even
while manipulating the index during iteration.
|
|
4b84db6a
|
2018-11-14T12:33:38
|
|
patch_parse: remove unused function `parse_number`
The function `parse_number` was replaced by `git_parse_advance_digit`
which is provided by the parser interface in commit 252f2eeee (parse:
implement and use `git_parse_advance_digit`, 2017-07-14). As there are
no remaining callers, remove it.
|
|
4209a512
|
2018-11-14T12:04:42
|
|
strntol: fix out-of-bounds reads when parsing numbers with leading sign
When parsing a number, we accept a leading plus or minus sign to return
a positive or negative number. When the parsed string has such a leading
sign, we set up a flag indicating that the number is negative and
advance the pointer to the next character in that string. This misses
updating the number of bytes in the string, though, which is why the
parser may later on do an out-of-bounds read.
Fix the issue by correctly updating both the pointer and the number of
remaining bytes. Furthermore, we need to check whether we actually have
any bytes left after having advanced the pointer, as otherwise the
auto-detection of the base may do an out-of-bonuds access. Add a test
that detects the out-of-bound read.
Note that this is not actually security critical. While there are a lot
of places where the function is called, all of these places are guarded
or irrelevant:
- commit list: this operates on objects from the ODB, which are always
NUL terminated any may thus not trigger the off-by-one OOB read.
- config: the configuration is NUL terminated.
- curl stream: user input is being parsed that is always NUL terminated
- index: the index is read via `git_futils_readbuffer`, which always NUL
terminates it.
- loose objects: used to parse the length from the object's header. As
we check previously that the buffer contains a NUL byte, this is safe.
- rebase: this parses numbers from the rebase instruction sheet. As the
rebase code uses `git_futils_readbuffer`, the buffer is always NUL
terminated.
- revparse: this parses a user provided buffer that is NUL terminated.
- signature: this parser the header information of objects. As objects
read from the ODB are always NUL terminated, this is a non-issue. The
constructor `git_signature_from_buffer` does not accept a length
parameter for the buffer, so the buffer needs to be NUL terminated, as
well.
- smart transport: the buffer that is parsed is NUL terminated
- tree cache: this parses the tree cache from the index extension. The
index itself is read via `git_futils_readbuffer`, which always NUL
terminates it.
- winhttp transport: user input is being parsed that is always NUL
terminated
|
|
cf83809b
|
2018-11-13T14:26:26
|
|
Merge pull request #4883 from pks-t/pks/signature-tz-oob
signature: fix out-of-bounds read when parsing timezone offset
|
|
f127ce35
|
2018-11-13T08:22:25
|
|
tests: address two null argument instances
Handle two null argument cases that occur in the unit tests.
One is in library code, the other is in test code.
Detected by running unit tests with undefined behavior sanitizer:
```bash
# build
mkdir build && cd build
cmake -DBUILD_CLAR=ON -DCMAKE_C_FLAGS="-fsanitize=address \
-fsanitize=undefined -fstack-usage -static-libasan" ..
cmake --build .
# run with asan
ASAN_OPTIONS="allocator_may_return_null=1" ./libgit2_clar
...
............../libgit2/src/apply.c:316:3: runtime error: null pointer \
passed as argument 1, which is declared to never be null
...................../libgit2/tests/apply/fromfile.c:46:3: runtime \
error: null pointer passed as argument 1, which is declared to never be null
```
|
|
20cb30b6
|
2018-11-13T13:40:17
|
|
Merge pull request #4667 from tiennou/feature/remote-create-api
Remote creation API
|