Log

Author Commit Date CI Message
Etienne Samson 43b4b2fa 2018-06-20T02:27:09 remote: merge if-statements We need a repo/config and a name to be able to do anything to the configuration. As such, those two tests can be merged so their conditions are shared.
Etienne Samson b741bb89 2018-06-20T02:27:04 remote: add a helper for generating the default fetchspec
Etienne Samson de2af3c2 2018-06-20T02:27:00 remote: move static method
Etienne Samson b2640c36 2018-06-20T02:27:03 config: add asserts for non-null parameters in lock/unlock
Etienne Samson f778af68 2018-06-20T02:26:53 tests: git_remote_create_anonymous
Etienne Samson fa69195e 2018-06-20T02:26:52 tests: git_remote_create_with_fetchspec
Etienne Samson 0e5a27cd 2018-06-20T02:26:58 tests: count config section helper already exists
Etienne Samson 10fa2dd6 2018-06-20T02:26:50 tests: consolidate all remote creation tests in one test suite
Etienne Samson f8fc987c 2018-06-20T02:26:56 tests: git_remote_create_detached
Etienne Samson 4e0da450 2018-06-20T02:26:55 tests: check what happens with the remote. section counts
Etienne Samson 798be87e 2018-06-20T02:26:49 tests: rename remote creation test suite
Edward Thomson b5ae83bf 2018-10-31T08:47:10 Merge pull request #4860 from tiennou/ci/macos-leaks CI: Fix macOS leak detection
Etienne Samson 8c49b3bf 2018-10-30T22:32:57 tests: use CLAR_AT_EXIT to check for leaks on macOS
Etienne Samson 0e69485e 2018-10-23T20:34:47 clar: provide a way to run some shell before exiting
Edward Thomson 79558009 2018-10-26T15:40:16 Merge pull request #4800 from libgit2/ethomson/badgification README: more CI status badges
Edward Thomson b7174dde 2018-10-26T14:59:50 Merge pull request #4867 from libgit2/ethomson/ci ci: Fix some minor issues
Edward Thomson f195c385 2018-10-26T14:10:13 nightly: the path to yaml templates is relative Don't prefix the path to the yaml templates - the nightly template itself is already in the `azure-pipelines` directory. Instead, just use the relative path.
Edward Thomson f22521ef 2018-10-26T12:31:39 ci: fail if requested test name is not found (unix) POSIX: the CMakeLists.txt configures the test names; when we query ctest for the test command-line to run, fail if the tests are not found.
Edward Thomson 05c51bb6 2018-10-26T06:35:57 ci: fail if requested test name is not found (win32) Win32: The CMakeLists.txt configures the test names; when we query ctest for the test command-line to run, fail if the tests are not found.
Patrick Steinhardt 623647af 2018-10-26T12:33:59 Merge pull request #4864 from pks-t/pks/object-parse-fixes Object parse fixes
Edward Thomson 814389d4 2018-10-25T23:40:19 Merge pull request #4862 from libgit2/ethomson/win_ci Windows CI: fail build on test failure
Edward Thomson cd248c70 2018-10-25T23:25:09 Merge pull request #4863 from libgit2/ethomson/ci_nightly ci: run all the jobs during nightly builds
Edward Thomson be5a2ae2 2018-10-25T23:19:42 ci: run all the jobs during nightly builds Instead of running the oddball builds, run all the builds (the ones that we always run during PR validation and CI) during a nightly build for increased coverage.
Edward Thomson 0e26717a 2018-10-25T14:26:28 ci: fail on test failures PowerShell can _read_ top-level variables in functions, but cannot _update_ top-level variables in functions unless they're explicitly prefixed with `$global`.
Patrick Steinhardt 7655b2d8 2018-10-19T10:29:19 commit: fix reading out of bounds when parsing encoding The commit message encoding is currently being parsed by the `git__prefixcmp` function. As this function does not accept a buffer length, it will happily skip over a buffer's end if it is not `NUL` terminated. Fix the issue by using `git__prefixncmp` instead. Add a test that verifies that we are unable to parse the encoding field if it's cut off by the supplied buffer length.
Patrick Steinhardt c2e3d8ef 2018-10-25T12:01:18 tests: add tests that exercise commit parsing We currently do not have any test suites dedicated to parsing commits from their raw representations. Add one based on `git_object__from_raw` to be able to test special cases more easily.
Patrick Steinhardt ee11d47e 2018-10-19T09:47:50 tag: fix out of bounds read when searching for tag message When parsing tags, we skip all unknown fields that appear before the tag message. This skipping is done by using a plain `strstr(buffer, "\n\n")` to search for the two newlines that separate tag fields from tag message. As it is not possible to supply a buffer length to `strstr`, this call may skip over the buffer's end and thus result in an out of bounds read. As `strstr` may return a pointer that is out of bounds, the following computation of `buffer_end - buffer` will overflow and result in an allocation of an invalid length. Fix the issue by using `git__memmem` instead. Add a test that verifies parsing the tag fails not due to the allocation failure but due to the tag having no message.
Patrick Steinhardt 4c738e56 2018-10-19T09:44:14 tests: add tests that exercise tag parsing While the tests in object::tag::read exercises reading and parsing valid tags from the ODB, they barely try to verify that the parser fails in a sane way when parsing invalid tags. Create a new test suite object::tag::parse that directly exercise the parser by using `git_object__from_raw` and add various tests for valid and invalid tags.
Patrick Steinhardt 83e8a6b3 2018-10-18T16:08:46 util: provide `git__memmem` function Unfortunately, neither the `memmem` nor the `strnstr` functions are part of any C standard but are merely extensions of C that are implemented by e.g. glibc. Thus, there is no standardized way to search for a string in a block of memory with a limited size, and using `strstr` is to be considered unsafe in case where the buffer has not been sanitized. In fact, there are some uses of `strstr` in exactly that unsafe way in our codebase. Provide a new function `git__memmem` that implements the `memmem` semantics. That is in a given haystack of `n` bytes, search for the occurrence of a byte sequence of `m` bytes and return a pointer to the first occurrence. The implementation chosen is the "Not So Naive" algorithm from [1]. It was chosen as the implementation is comparably simple while still being reasonably efficient in most cases. Preprocessing happens in constant time and space, searching has a time complexity of O(n*m) with a slightly sub-linear average case. [1]: http://www-igm.univ-mlv.fr/~lecroq/string/
Patrick Steinhardt bea65980 2018-10-25T11:21:14 Merge pull request #4851 from pks-t/pks/strtol-removal strtol removal
Patrick Steinhardt 11945461 2018-10-25T11:17:52 Merge pull request #4854 from libgit2/ethomson/buf_oom_test buf::oom tests: use custom allocator for oom failures
Etienne Samson fa274f7f 2018-10-23T22:34:45 ci: redirect the malloc debugging output to /dev/null
Edward Thomson 2e34efaa 2018-10-21T13:10:06 buf::oom tests: use custom allocator for oom failures Create a custom allocator for the `buf::oom` tests that will fail with out-of-memory errors in predictable ways. We were previously trying to guess the way that various allocators on various platforms would fail in a way such that `malloc`/`realloc` would return `NULL` (instead of aborting the application, or appearing suspicious to various instrumentation or static code analysis tools like valgrind.) Introduce a fake `malloc` and `realloc` that will return `NULL` on allocations requesting more than 100 bytes. Otherwise, we proxy to the default allocator. (It's important to use the _default_ allocator, not just call `malloc`, since the default allocator on Windows CI builds may be the debugging C runtime allocators which would not be compatible with a standard `malloc`.)
Edward Thomson 305e801a 2018-10-21T09:52:32 util: allow callers to reset custom allocators Provide a utility to reset custom allocators back to their default. This is particularly useful for testing.
Edward Thomson 671b2446 2018-10-21T12:50:46 Merge pull request #4804 from libgit2/ethomson/qemu-build ci: arm docker builds
Edward Thomson 7c557169 2018-10-21T10:34:38 ci: use trusty-amd64 for openssl and mbedtls We don't need two separate docker images for OpenSSL and mbedTLS. They've been combined into a single image `trusty-amd64` that supports both.
Edward Thomson 415a8ae9 2018-09-13T13:27:07 tests: don't run buf::oom on 32-bit systems On a 32-bit Linux systems, the value large enough to make malloc guarantee a failure is also large enough that valgrind considers it "fishy". Skip this test on those systems entirely.
Edward Thomson 9cc4ba5c 2018-09-13T16:12:41 valgrind: extend the suppressions file Newer dependencies means newer places to leak!
Edward Thomson d82800e8 2018-10-21T09:31:42 ci: use bionic for non-amd64 builds Use Bionic so that we have a modern libssh2 (for communicating with GitHub). We've ported fixes to our Trusty-based amd64 images, but maintaining patches for multiple platforms is heinous.
Edward Thomson b244ea79 2018-10-21T09:24:08 ci: introduce nightly x86 linux builds
Edward Thomson f195395a 2018-10-21T09:16:35 ci: bind specifically to localhost for proxy Bind the proxy specifically to 127.0.0.1 instead of all addresses. This is not strictly necessary for operations, but having a potentially open proxy on a network is not a good idea.
Edward Thomson 0e521abd 2018-10-21T09:15:24 ci: introduce nightly arm docker builds Use multiarch arm32 and arm64 docker images to run Xenial-based images for those platforms. We can support all the tests on ARM32 and 64 _except_ the proxy-based tests. Our proxy on ARM seems regrettably unstable, either due to some shoddy dependencies (with native code?) or the JREs themselves. Run these platforms as part of our nightly builds; do not run them during pull request or CI validation.
Edward Thomson 28f05585 2018-10-21T09:20:10 ci: reorganize naming for consistency
Edward Thomson 4ec597dc 2018-10-21T09:12:43 ci: move configuration yaml to its own directory As the number of each grow, separate the CI build scripts from the YAML definitions.
Edward Thomson 7c791f3d 2018-10-20T20:25:51 Merge pull request #4852 from libgit2/ethomson/unc_paths Win32 path canonicalization refactoring
Edward Thomson 6cc14ae3 2018-10-20T20:22:04 Merge pull request #4840 from libgit2/cmn/validity-tree-from-unowned-index Check object existence when creating a tree from an index
Edward Thomson a2f9f94b 2018-10-20T20:18:04 Merge branch 'issue-4203'
Edward Thomson 32b81661 2018-10-20T20:16:32 merge: don't leak the index during reloads
Edward Thomson c79e6081 2018-10-20T19:08:16 checkout: fix test fixture missing objects The testrepo test fixture has an index file that's damaged, missing an object. The index previously had an entry of `src/index.c` with id 3161df8cbf3a006b4ef85be6497a0ea6bde98541, but that object was missing in the repository. This commit adds an object to the repository and updates the index to use that existing blob. Similarly, the index has an entry for `readme` with an id of 97328ac7e3bd0bcd3900cb3e7a624d71dd0df888. This can be restored from other test repositories. With these fixed, now the write tree from index tests can pass since they validate object existence.
Edward Thomson 2ad07ad5 2018-10-20T18:14:25 Merge pull request #4841 from tiennou/ci/ninja-build Ninja build
Etienne Samson f77e6cc7 2018-10-19T17:10:01 ci: make the Ubuntu/OpenSSL build explicit
Etienne Samson 6a67e42d 2018-10-08T19:33:27 ci: use Ninja on macOS
Edward Thomson 0fccf017 2018-10-19T15:48:46 Merge pull request #4853 from libgit2/cmn/not-opaque docs: fix transparent/opaque confusion in the conventions file
Carlos Martín Nieto 69cd4141 2018-10-19T16:30:43 docs: fix transparent/opaque confusion in the conventions file
Patrick Steinhardt 0a4284b1 2018-10-19T14:54:13 Merge pull request #4819 from libgit2/cmn/config-nonewline Configuration variables can appear on the same line as the section header
Patrick Steinhardt ea19efc1 2018-10-18T15:08:56 util: fix out of bounds read in error message When an integer that is parsed with `git__strntol32` is too big to fit into an int32, we will generate an error message that includes the actual string that failed to parse. This does not acknowledge the fact that the string may either not be NUL terminated or alternative include additional characters after the number that is to be parsed. We may thus end up printing characters into the buffer that aren't the number or, worse, read out of bounds. Fix the issue by utilizing the `endptr` that was set by `git__strntol64`. This pointer is guaranteed to be set to the first character following the number, and we can thus use it to compute the width of the number that shall be printed. Create a test to verify that we correctly truncate the number.
Edward Thomson a34f5b0d 2018-10-18T08:57:27 win32: refactor `git_win32_path_remove_namespace` Update `git_win32_path_remove_namespace` to disambiguate the prefix being removed versus the prefix being added. Now we remove the "namespace", and (may) add a "prefix" in its place. Eg, we remove the `\\?\` namespace. We remove the `\\?\UNC\` namespace, and replace it with the `\\` prefix. This aids readability somewhat. Additionally, use pointer arithmetic instead of offsets, which seems to also help readability.
Edward Thomson 16fd9ba9 2018-10-17T11:34:38 win32: more tests for `git_win32_remove_path`
Edward Thomson b2e85f98 2018-10-17T08:48:43 win32: rename `git_win32__canonicalize_path` The internal API `git_win32__canonicalize_path` is far, far too easily confused with the internal API `git_win32_path_canonicalize`. The former removes the namespace prefix from a path (eg, given `\\?\C:\Temp\foo`, it returns `C:\Temp\foo`, and given `\\?\UNC\server\share`, it returns `\\server\share`). As such, rename it to `git_win32_path_remove_namespace`. `git_win32_path_canonicalize` remains unchanged.
Patrick Steinhardt b09c1c7b 2018-10-18T14:37:55 util: avoid signed integer overflows in `git__strntol64` While `git__strntol64` tries to detect integer overflows when doing the necessary arithmetics to come up with the final result, it does the detection only after the fact. This check thus relies on undefined behavior of signed integer overflows. Fix this by instead checking up-front whether the multiplications or additions will overflow. Note that a detected overflow will not cause us to abort parsing the current sequence of digits. In the case of an overflow, previous behavior was to still set up the end pointer correctly to point to the first character immediately after the currently parsed number. We do not want to change this now as code may rely on the end pointer being set up correctly even if the parsed number is too big to be represented as 64 bit integer.
Patrick Steinhardt 39087ab8 2018-10-18T12:11:33 tests: core::strtol: test for some more edge-cases Some edge cases were currently completely untested, e.g. parsing numbers greater than INT64_{MIN,MAX}, truncating buffers by length and invalid characters. Add tests to verify that the system under test performs as expected.
Patrick Steinhardt 8d7fa88a 2018-10-18T12:04:07 util: remove `git__strtol32` The function `git__strtol32` can easily be misused when untrusted data is passed to it that may not have been sanitized with trailing `NUL` bytes. As all usages of this function have now been removed, we can remove this function altogether to avoid future misuse of it.
Patrick Steinhardt 2613fbb2 2018-10-18T11:58:14 global: replace remaining use of `git__strtol32` Replace remaining uses of the `git__strtol32` function. While these uses are all safe as the strings were either sanitized or from a trusted source, we want to remove `git__strtol32` altogether to avoid future misuse.
Patrick Steinhardt 21652ee9 2018-10-18T11:43:30 tree-cache: avoid out-of-bound reads when parsing trees We use the `git__strtol32` function to parse the child and entry count of treecaches from the index, which do not accept a buffer length. As the buffer that is being passed in is untrusted data and may thus be malformed and may not contain a terminating `NUL` byte, we can overrun the buffer and thus perform an out-of-bounds read. Fix the issue by uzing `git__strntol32` instead.
Patrick Steinhardt 68deb2cc 2018-10-18T11:37:10 util: remove unsafe `git__strtol64` function The function `git__strtol64` does not take a maximum buffer length as parameter. This has led to some unsafe usages of this function, and as such we may consider it as being unsafe to use. As we have now eradicated all usages of this function, let's remove it completely to avoid future misuse.
Patrick Steinhardt 1a2efd10 2018-10-18T11:35:08 config: remove last instance of `git__strntol64` When parsing integers from configuration values, we use `git__strtol64`. This is fine to do, as we always sanitize values and can thus be sure that they'll have a terminating `NUL` byte. But as this is the last call-site of `git__strtol64`, let's just pass in the length explicitly by calling `strlen` on the value to be able to remove `git__strtol64` altogether.
Patrick Steinhardt 3db9aa6f 2018-10-18T11:32:48 signature: avoid out-of-bounds reads when parsing signature dates We use `git__strtol64` and `git__strtol32` to parse the trailing commit or author date and timezone of signatures. As signatures are usually part of a commit or tag object and thus essentially untrusted data, the buffer may be misformatted and may not be `NUL` terminated. This may lead to an out-of-bounds read. Fix the issue by using `git__strntol64` and `git__strntol32` instead.
Patrick Steinhardt 600ceadd 2018-10-18T11:29:06 index: avoid out-of-bounds read when reading reuc entry stage We use `git__strtol64` to parse file modes of the index entries, which does not limit the parsed buffer length. As the index can be essentially treated as "untrusted" in that the data stems from the file system, it may be misformatted and may not contain terminating `NUL` bytes. This may lead to out-of-bounds reads when trying to parse index entries with such malformatted modes. Fix the issue by using `git__strntol64` instead.
Patrick Steinhardt 1a3fa1f5 2018-10-18T11:25:59 commit_list: avoid use of strtol64 without length limit When quick-parsing a commit, we use `git__strtol64` to parse the commit's time. The buffer that's passed to `commit_quick_parse` is the raw data of an ODB object, though, whose data may not be properly formatted and also does not have to be `NUL` terminated. This may lead to out-of-bound reads. Use `git__strntol64` to avoid this problem.
Edward Thomson f010b66b 2018-10-17T14:33:47 Merge pull request #4849 from libgit2/cmn/expose-gitfile-check path: export the dotgit-checking functions
Edward Thomson 5be63f6d 2018-10-17T10:01:22 Merge pull request #4850 from libgit2/ethomson/libssh2_not_libssh cmake: correct comment from libssh to libssh2
Edward Thomson b160a64f 2018-10-17T09:38:30 cmake: correct comment from libssh to libssh2 We use libssh2. We do not use libssh. Make sure to disambiguate them correctly.
Carlos Martín Nieto 7615794c 2018-10-15T18:08:13 Merge pull request #4845 from pks-t/pks/object-fuzzer Object parsing fuzzer
Carlos Martín Nieto 9b6e4081 2018-10-15T17:08:38 Merge commit 'afd10f0' (Follow 308 redirects)
Carlos Martín Nieto 05e54e00 2018-10-15T13:54:17 path: export the dotgit-checking functions These checks are preformed by libgit2 on checkout, but they're also useful for performing checks in applications which do not involve checkout. Expose them under `sys/` as it's still fairly in the weeds even for this library.
Carlos Martín Nieto 1d718fa5 2018-09-28T11:55:34 config: variables might appear on the same line as a section header While rare and a machine would typically not generate such a configuration file, it is nevertheless valid to write [foo "bar"] baz = true and we need to deal with that instead of assuming everything is on its own line.
Carlos Martín Nieto 1cbc9604 2018-09-28T10:57:50 config: add failing test for no newline after section header
Zander Brown afd10f0b 2018-10-13T09:31:20 Follow 308 redirects (as used by GitLab)
Patrick Steinhardt 814e7acb 2018-10-12T12:38:06 Merge pull request #4842 from nelhage/fuzz-config-memory config: Port config_file_fuzzer to the new in-memory backend.
Nelson Elhage 463c21e2 2018-10-11T13:27:06 Apply code review feedback
Patrick Steinhardt a1d5fd06 2018-10-11T12:46:11 fuzzers: add object parsing fuzzer Add a simple fuzzer that exercises our object parser code. The fuzzer is quite trivial in that it simply passes the input data directly to `git_object__from_raw` for each of the four object types.
Patrick Steinhardt 6562cdda 2018-10-11T12:43:08 object: properly propagate errors on parsing failures When failing to parse a raw object fromits data, we free the partially parsed object but then fail to propagate the error to the caller. This may lead callers to operate on objects with invalid memory, which will sooner or later cause the program to segfault. Fix the issue by passing up the error code returned by `parse_raw`.
Patrick Steinhardt 6956a954 2018-10-11T12:26:44 fuzzers: initialize libgit2 in standalone driver The standalone driver for libgit2's fuzzing targets makes use of functions from libgit2 itself. While this is totally fine to do, we need to make sure to always have libgit2 initialized via `git_libgit2_init` before we call out to any of these. While this happens in most cases as we call `LLVMFuzzerInitialize`, which is provided by our fuzzers and which right now always calls `git_libgit2_init`, one exception to this rule is our error path when not enough arguments have been given. In this case, we will call `git_vector_free_deep` without libgit2 having been initialized. As we did not set up our allocation functions in that case, this will lead to a segmentation fault. Fix the issue by always initializing and shutting down libgit2 in the standalone driver. Note that we cannot let this replace the initialization in `LLVMFuzzerInitialize`, as it is required when using the "real" fuzzers by LLVM without our standalone driver. It's no problem to call the initialization and deinitialization functions multiple times, though.
Nelson Elhage 416aafd1 2018-10-09T02:33:03 fuzzers: Port config_file_fuzzer to the new in-memory backend
Nelson Elhage 2d449a11 2018-10-09T02:42:14 config: Refactor `git_config_backend_from_string` to take a length
Carlos Martín Nieto fd490d3e 2018-10-08T13:15:31 tree: unify the entry validity checks We have two similar functions, `git_treebuilder_insert` and `append_entry` which are used in different codepaths as part of creating a new tree. The former learnt to check for object existence under strict object creation, but the latter did not. This allowed the creation of a tree from an unowned index to bypass some of the checks and create a tree pointing to a nonexistent object. Extract a single function which performs these checks and call it from both codepaths. In `append_entry` we still do not validate when asked not to, as this is data which is already in the tree and we want to allow users to deal with repositories which already have some invalid data.
Carlos Martín Nieto fbc0dcda 2018-10-08T13:01:23 index: add failing test for writing an invalid tree from an unowned index When the index does not belong to any repository, we do not do any checks of the target id going in as we cannot verify that it exists. When we then write it out to a repository as a tree, we fail to perform the object existance and type-matching check that we do in other code-paths. This leads to being able to write trees which point to non-existent blobs even with strict object creation enabled.
Edward Thomson 838a2f29 2018-10-07T12:00:48 Merge pull request #4828 from csware/git_futils_rmdir_r_failing Add some more tests for git_futils_rmdir_r and some cleanup
Edward Thomson 0cd976c8 2018-10-07T12:00:06 Merge pull request #4830 from pks-t/pks/diff-stats-rename-common diff_stats: use git's formatting of renames with common directories
Edward Thomson 0c973356 2018-10-07T11:57:06 Merge pull request #4839 from palmin/ignore-unsupported-http-auth ignore unsupported http authentication contexts
Anders Borum 475db39b 2018-10-06T12:58:06 ignore unsupported http authentication schemes auth_context_match returns 0 instead of -1 for unknown schemes to not fail in situations where some authentication schemes are supported and others are not. apply_credentials is adjusted to handle auth_context_match returning 0 without producing authentication context.
Patrick Steinhardt a8d447f6 2018-10-05T20:13:34 Merge pull request #4837 from pks-t/cmn/reject-option-submodule-url-path submodule: ignore path and url attributes if they look like options
Patrick Steinhardt ce8803a2 2018-10-05T20:03:38 Merge pull request #4836 from pks-t/pks/smart-packets Smart packet security fixes
Patrick Steinhardt 84d6f439 2018-10-05T19:53:22 Merge pull request #4832 from pks-t/pks/config-includes-null-deref config_file: properly ignore includes without "path" value
Carlos Martín Nieto c8ca3cae 2018-10-05T11:47:39 submodule: ignore path and url attributes if they look like options These can be used to inject options in an implementation which performs a recursive clone by executing an external command via crafted url and path attributes such that it triggers a local executable to be run. The library is not vulnerable as we do not rely on external executables but a user of the library might be relying on that so we add this protection. This matches this aspect of git's fix for CVE-2018-17456.
Carlos Martín Nieto 4e0bdaa8 2018-10-05T11:42:00 submodule: add failing test for option-injection protection in url and path
Edward Thomson b37a5954 2018-10-05T13:24:55 Merge pull request #4831 from pks-t/pks/int-conversion int-conversion
Patrick Steinhardt ad273718 2018-10-04T10:32:07 tests: sanitize file hierarchy after running rmdir tests Currently, we do not clean up after ourselves after tests in core::rmdir have created new files in the directory hierarchy. This may leave stale files and/or directories after having run tests, confusing subsequent tests that expect a pristine test environment. Most importantly, it may cause the test initialization to fail which expects being able to re-create the testing hierarchy before each test in case where another test hasn't cleaned up after itself. Fix the issue by adding a cleanup function that removes the temporary testing hierarchy after each test if it still exists.
Sven Strickroth e886ab46 2018-10-02T19:50:29 tests: Add some more tests for git_futils_rmdir_r Signed-off-by: Sven Strickroth <email@cs-ware.de>
Patrick Steinhardt d06d4220 2018-10-05T10:56:02 config_file: properly ignore includes without "path" value In case a configuration includes a key "include.path=" without any value, the generated configuration entry will have its value set to `NULL`. This is unexpected by the logic handling includes, and as soon as we try to calculate the included path we will unconditionally dereference that `NULL` pointer and thus segfault. Fix the issue by returning early in both `parse_include` and `parse_conditional_include` in case where the `file` argument is `NULL`. Add a test to avoid future regression. The issue has been found by the oss-fuzz project, issue 10810.