Log

Author Commit Date CI Message
Edward Thomson a6917dc7 2018-09-17T20:12:59 ci: don't stop on failure Don't stop on test failures; run all the tests, even when a test fails. (cherry picked from commit 429c7f1141f812d266cfd7d33a142871c21f8874)
Edward Thomson 8f4dc529 2018-09-17T19:57:26 ci: append -r flag to clar on windows Similar to the way we parse the ctest output on POSIX systems, do the same on Windows. This allows us to append the `-r` flag to clar after we've identified the command to run. (cherry picked from commit 7c9769d94799c7bc6341d64e18bbd13bc8993ad6)
Edward Thomson e7a82ec5 2018-09-10T14:59:20 ci: write test result XML Add the clar flags to produce JUnit-style XML output before invocation. (cherry picked from commit fff33a1b65994e1f781f73d06e22d3f8778eff02)
Edward Thomson a3debcfa 2018-09-18T13:51:25 README: update the build badge to Azure Pipelines VSTS is now a family of components; "Azure Pipelines" is the build and release pipeline application. (cherry picked from commit 464305b74e87bd008cb9b18af632844f16806327)
Edward Thomson 886a0842 2018-09-10T12:36:51 Revert "clar: introduce CLAR_XML option" This reverts commit a2d73f5643814cddf90d5bf489332e14ada89ab8. Using clar to propagate the XML settings was a mistake. (cherry picked from commit 943181c2efe20b705aa40d30197693e7a4c1d0ac)
Edward Thomson 2f9b339f 2018-09-11T15:15:26 ci: add SKIP_*_TESTS for windows builds Introduce SKIP_*_TEST variables for Windows builds to match POSIX builds. (cherry picked from commit a8301b0c19cc738961604a14b7e132b2b97e064c)
Edward Thomson 29922609 2018-09-10T12:27:24 ci: only run the exact named test Our CI test system invokes ctest with the name of the given tests it wishes to invoke. ctest (with the `-R` flag) treats this name as a regular expression. Provide anchors in the regular expression to avoid matching additional tests in this search. (cherry picked from commit 7e353b7a140dade32f1f1db6afd1721cf2c18a4a)
Edward Thomson af61ffad 2018-09-18T13:52:08 README: rename "VSTS" to "Azure DevOps" Visual Studio Team Services is now a family of applications named "Azure DevOps". Update the README to refer to it thusly. (cherry picked from commit e2613039b34b9f119ca948c70ba75dd93dc1803f)
Patrick Steinhardt b79d7cd4 2018-10-12T12:08:53 ci: rename vsts to azure-pipelines (cherry picked from commit d7d0139eb3ef9d306d0229223092a9cac7da1db5)
Edward Thomson f5074e28 2018-09-08T18:54:21 clar: iterate errors in report_all / report_errors Instead of trying to have a clever iterator pattern that increments the error number, just iterate over errors in the report errors or report all functions as it's easier to reason about in this fashion. (cherry picked from commit d17e67d08d6e73dbf0daeae5049f92a38c2d8bb6)
Edward Thomson f56e1e70 2018-08-27T01:06:37 ci: use more compatible strftime formats Windows lacks %F and %T formats for strftime. Expand them to the year/month/day and hour/minute/second formats, respectively. (cherry picked from commit e595eeb5ab88142b97798ed65e651de6560515e9)
Patrick Steinhardt 4cf3907a 2018-10-12T12:08:32 ci: use templates for VSTS builds Our build YAML is becoming unweildly and full of copy-pasta. Simplify with templates. (cherry picked from commit 6b2d8f09bc9e5bdf74f98b7470ebc39436be600f)
Edward Thomson b974a94f 2018-08-26T17:27:54 ci: explicitly run in the build directory Explicitly run from the build directory, not the source. (I was mistaken about the default working directory for VSTS agents.) (cherry picked from commit 306875bc1c0c4cf82a4feb9436d161750c3f0aad)
Edward Thomson b52267b3 2018-08-26T17:12:17 ci: escape xml output path on Windows CMake treats backslashes as escape characters; use forward slashes for the XML output path. (cherry picked from commit f3f2c45ee6d8f46692ebcc71f2ee688868629830)
Patrick Steinhardt e46e5191 2018-10-12T12:08:17 ci: upload test results (cherry picked from commit bfcbde5009db3175cb924687d9273e6f7c5aa1b7)
Edward Thomson ca21af22 2018-08-26T16:07:32 ci: write xml during test runs (cherry picked from commit a84863fc8dfa51cafc1223181e17003383889350)
Edward Thomson f42a251c 2018-09-04T14:00:49 clar: remove globals; error-check fprintf/fclose Remove the global summary filename and file pointer; pass them in to the summary functions as needed. Error check the results of buffered I/O calls. (cherry picked from commit b67a93ff81e2fbfcf9ebb52dd15db9aa4e9ca708)
Edward Thomson a539205e 2018-08-24T11:23:19 clar: introduce CLAR_XML option Introduce a CLAR_XML option, to run the `ctest` commands with the new `-r` flag to clar. Permitted values are `OFF`, `ON` and a directory to write the XML test results to. (cherry picked from commit a2d73f5643814cddf90d5bf489332e14ada89ab8)
Edward Thomson a133caa2 2018-08-26T15:31:14 clar: accept a value for the summary filename Accept an (optional) value for the summary filename. Continues to default to summary.xml. (cherry picked from commit baa5c20d0815441cac2d2135d2b0190cb543e637)
Edward Thomson 8b68cb23 2018-08-26T15:25:15 clar: don't use a variable named `time` (cherry picked from commit dbebcb04b42047df0d52ad3515077a134c5b7da7)
Etienne Samson 4c48aeb5 2018-07-27T23:00:09 Barebones JUnit XML output (cherry picked from commit 59f1e477f772c73c76bc654a0853fdcf491a32a7)
Etienne Samson 564ab8ae 2018-07-26T23:02:34 Documentation (cherry picked from commit 3a9b96311d6f0ff364c6417cf3aab7c9745b18d4)
Etienne Samson 698b0928 2018-07-26T23:02:20 Isolate test reports This makes it possible to keep track of every test status (even successful ones), and their errors, if any. (cherry picked from commit bf9fc126709af948c2a324ceb1b2696046c91cfe)
Edward Thomson 57f86c22 2018-08-26T15:11:21 clar: refactor explicitly run test behavior Previously, supplying `-s` to explicitly enable some test(s) would run the tests immediately from the argument parser. This forces us to set up the entire clar environment (for example: sandboxing) before argument parsing takes place. Refactor the behavior of `-s` to add the explicitly chosen tests to a list that is executed later. This untangles the argument parsing from the setup lifecycle, allowing us to use the arguments to perform the setup. (cherry picked from commit 90753a96515f85e2d0e79a16d3a06ba5b363c68e)
Edward Thomson af405e42 2018-09-03T19:27:30 README: remove travis (cherry picked from commit 76cfeb20fc75f02eee8e1b672889039be282666f)
Edward Thomson fc9e051d 2018-08-30T21:53:58 ci: remove travis (cherry picked from commit 6fc946e87025f22315c481509b6658726725b7a4)
Patrick Steinhardt b3ea4a51 2018-10-12T12:08:00 Update .vsts-ci.yml (cherry picked from commit 7238a1e8c7e6b48439ce553c99b83915cb33b394)
Edward Thomson 75ca6092 2018-08-02T14:57:54 ci: add VSTS build badge to README (cherry picked from commit a1ae41b80b56cd49ecec049b7d2509f17596e116)
Patrick Steinhardt b609b5cd 2018-08-06T07:13:56 travis: do not execute Coverity analysis for all cron jobs The new Travis cron job gets executed daily, but our current configuration will cause each job to execute our Coverity script instead of the default build and testing scripts. This cannot work, as Coverity is heavily rate-limiting its API, so our cron builds are doomed to always fail. What we want to do instead is execute our normal builds, but add an additional Coverity jobs. This can easily be done by adding another Coverity-specific job with a conditional "type = cron", which sets the "COVERITY" environment variable. Instead of checking the build type, we then simply check whether "COVERITY" is set or not. (cherry picked from commit 0a6c13a239ef5e1427d8317b36c202ca9a580754)
Patrick Steinhardt 5e1d64ff 2018-08-06T09:12:48 ci: enable compilation with "-Werror" During the conversion of our CI scripts in bf418f09c (ci: refactor unix ci build/test scripts, 2018-07-14), we accidentally dropped the "-DENABLE_WERROR=ON" switch in our cmake invocation. Re-add it to help us catch compiler warnings early. (cherry picked from commit 900846571905cf7a9530d2680c627fde6044db92)
Patrick Steinhardt c7f91f39 2018-08-06T12:00:21 odb: fix use of wrong printf formatters The `git_odb_stream` members `declared_size` and `received_bytes` are both of the type `git_off_t`, which we usually defined to be a 64 bit signed integer. Thus, passing these members to "PRIdZ" formatters is not correct, as they are not guaranteed to accept big enough numbers. Instead, use the "PRId64" formatter, which is able to represent 64 bit signed integers. (cherry picked from commit 0fcd05631a1f59e156e613448262800c155e79d0)
Edward Thomson 25392688 2018-08-02T20:43:21 ci: run VSTS builds on master and maint branches (cherry picked from commit cd7883145f76a24db47dfd911cc8b0b387813c7c)
David Staheli fe56cd6c 2018-08-31T14:07:59 Update .vsts-nightly.yml (cherry picked from commit 40c3a974656a3a9bb0b63e0bb0eb770bb1648303)
Etienne Samson 75b0142d 2018-08-14T21:26:14 ci: Correct the status code check so Coverity doesn't force-fail Travis Otherwise you get something like Emitted 525 C/C++ compilation units (100%) successfully 525 C/C++ compilation units (100%) are ready for analysis The cov-build utility completed successfully. Build successfully submitted. Received error code 200 from Coverity travis_time:end:14cf6373:start=1534254309066933889,finish=1534254728190974302,duration=419124040413 The command "if [ -n "$COVERITY" ]; then ../ci/coverity.sh; fi" exited with 1. travis_time:start:01ed61d4 $ if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi travis_time:end:01ed61d4:start=1534254728197560961,finish=1534254728202711214,duration=5150253 The command "if [ -z "$COVERITY" ]; then ../ci/build.sh && ../ci/test.sh; fi" exited with 0. Done. Your build exited with 1. (cherry picked from commit 351ca66126b08530d96556eb4521b601c69125e3)
Edward Thomson c94dc053 2018-08-09T09:39:39 readme: remove appveyor build badge (cherry picked from commit 658b8e8a59341a7042a839d0417723d494d7b4cb)
Edward Thomson bc8a33c4 2018-08-06T16:33:15 ci: remove appveyor (cherry picked from commit 3ce31df3ff34b494a67f7d18dced9930c69883bd)
Edward Thomson c4ec76fa 2018-08-02T14:47:03 ci: set PKG_CONFIG_PATH on travis Homebrew's formula for openssl is "keg-only", which means it does not install it into /usr/local. On macOS builds, we need to set PKG_CONFIG_PATH to include it. (cherry picked from commit abf5336304ad7df85bbca2289a61b7799029fa1b)
Edward Thomson 5953f789 2018-07-29T17:26:44 ci: run coverity from a nightly VSTS build (cherry picked from commit d076db11a84b278e260139269c25fe692930f238)
Edward Thomson 1f7bb777 2018-07-28T22:29:53 ci: run coverity from travis's cron Instead of trying to run coverity builds during the regular PR process, run them during a regularly scheduled cron process. These only need to run nightly, so it makes sense to bring them out of the PR process. (cherry picked from commit 6b92368c859d0bf0dcdb15ca8bee520e0f4e84f2)
Edward Thomson d752ab97 2018-07-27T16:40:44 ci: remove unused old ci scripts (cherry picked from commit 24d175621b7ca6a218c7150ac47ea296f0766fa4)
Edward Thomson 6f8cc9b5 2018-07-27T12:31:32 ci: move travis to the new scripts (cherry picked from commit 24b8dd8275adb13acc68281c200623f636690666)
Edward Thomson ac46b959 2018-07-26T15:14:37 ci: move appveyor to new scripts (cherry picked from commit 465f8b5163cdee708a6ee81a7c210b2a8baedde4)
Edward Thomson 612d50b5 2018-07-26T15:06:01 ci: use a single setup script for mingw (cherry picked from commit f7bb4ff80bfa5e5173232685b13f143b572f36de)
Patrick Steinhardt 99a0a733 2018-10-12T12:07:48 ci: use docker containers from libgit2 account (cherry picked from commit 6fb63c9285b79bc2c6b67845273abdc7eaacaa1c)
Patrick Steinhardt 6fd065f6 2018-10-12T12:07:30 ci: perform clang builds on Linux (cherry picked from commit dc6e80e2ce7c4d1017ce41a67a0df50b29b36cc4)
Edward Thomson 3676834a 2018-07-25T01:04:55 ci: dissociate test from leaks process The leaks process is not good about handling children. Ensure that its child is `nohup`ed so that the grandparent shell won't wait for it to exit. (cherry picked from commit 6eb97b6ba93019741e7cf6147f0fab05dd3f831d)
Edward Thomson 8a54e39c 2018-07-21T10:49:23 ci: some additional debugging (cherry picked from commit 230eeda8e464a4675e82007d0c505617a6c243ed)
Edward Thomson bc2fec60 2018-07-20T19:47:40 ci: enable leak checking on osx (cherry picked from commit b00672b9e404adb771601408d4b02711085d6f90)
Edward Thomson d68c293a 2018-07-20T18:09:38 ci: msvc leak-checking (cherry picked from commit afecd15cf6de53b8a0d28061fd9ffaeac358b91f)
Edward Thomson 542a403f 2018-07-20T17:20:15 ci: xcode leaks leak-checking (cherry picked from commit 7f12c12394ce3f5b76a32a312461e95fe9e78ce7)
Edward Thomson f2087fc7 2018-07-20T14:14:16 buf tests: allocate a smaller size for the oom On Linux (where we run valgrind) allocate a smaller buffer, but still an insanely large size. This will cause malloc to fail but will not cause valgrind to report a likely error with a negative-sized malloc. Keep the original buffer size on non-Linux platforms: this is well-tested on them and changing it may be problematic. On macOS, for example, using the new size causes `malloc` to print a warning to stderr. (cherry picked from commit 219512e7989340d9efae8480fb79c08b91724014)
Patrick Steinhardt 7c686457 2018-10-12T12:07:09 ci: valgrind leak-checking (cherry picked from commit 6d6700d23860d21e8e5043e5c7689a6ed4d8fc70)
Edward Thomson 01d00cd9 2018-07-14T12:42:50 ci: introduce vsts builds (cherry picked from commit 67f5304f552a287dd46951b8ef96695f080c5ff2)
Edward Thomson 4e1218b4 2018-07-14T13:03:16 ci: scripts to setup mingw build environment (cherry picked from commit 9e588060d93da064ca288db021def3d81fa13790)
Edward Thomson 95c728de 2018-07-14T12:35:02 ci: set up a macos host Script to set up dependencies on a macOS build system. (cherry picked from commit 8734240417a02930593e3a76b56ce6b51441723c)
Edward Thomson 064b933d 2018-07-14T12:34:05 ci: setup a linux host Sets up a linux host to prepare for a build. (cherry picked from commit 5bb2087b7c60da5c2ce50b9eefeebfbe255c9a0d)
Edward Thomson 6dceeb74 2018-07-14T12:25:32 ci: improved flexibility for citest.sh Refactor citest.sh to enable local testing by developers. (cherry picked from commit 451b001725e4a97f0a9f1ff1d87a2bf5666850a3)
Edward Thomson ab55feee 2018-07-14T12:24:40 ci: refactor unix ci build/test scripts (cherry picked from commit bf418f09ce20f9e70c416288798bd7054a5e28d0)
Edward Thomson 4609548d 2018-07-14T12:22:47 ci: move tests into citest.ps1 Add citest.ps1 PowerShell script to run the tests. (cherry picked from commit e2cc5b6d9739591703cfb7f04efa84425ed63332)
Edward Thomson b6faab9d 2018-07-14T12:22:16 ci: Windows PowerShell build script (cherry picked from commit 3b6281fac165bd910abe7e961e5e65168723a187)
Edward Thomson 373bf31f 2018-07-04T10:56:56 tests: simplify cmake test configuration Simplify the names for the tests, removing the unnecessary "libgit2-clar" prefix. Make "all" the new default test run, and include the online tests by default (since HTTPS should always be enabled). For the CI tests, create an offline-only test, then the various online tests. (cherry picked from commit ce798b256b071f57bfd62664626c10339b3e36f7)
Etienne Samson f675c45a 2018-04-20T23:11:30 travis: enable -Werror in the script instead of using the matrix (cherry picked from commit 61eaaadf7f23a88a5bac67d44099d9d3fabf51fe)
Etienne Samson c84b7a5b 2018-04-20T23:11:28 scripts: remove extraneous semicolons (cherry picked from commit 149790b96eda8a1e48408decf92ba327479c2c33)
Etienne Samson 2f3240ff 2018-04-20T23:11:27 scripts: use leaks on macOS (cherry picked from commit 4c969618f6ec6caa8facd199c3a6de0e6b06396f)
Etienne Samson 9da74c2a 2018-04-20T23:11:25 valgrind: bump num-callers to 50 for fuller stack traces (cherry picked from commit 0fb8c1d09ca55751aec5f42bae9a3bc19da3248d)
Etienne Samson 1ec85a55 2018-04-20T23:11:23 travis: let cmake perform the build & install step The goal is to let cmake manage the parallelism (cherry picked from commit 1f4ada2a428c8d4af3cc0f12086700cda6e19e3a)
Etienne Samson c409e73d 2018-04-20T23:11:22 valgrind: silence invalid free in libc atexit handler ==17851== Invalid free() / delete / delete[] / realloc() ==17851== at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==17851== by 0x60BBE2B: __libc_freeres (in /lib/x86_64-linux-gnu/libc-2.19.so) ==17851== by 0x4A256BC: _vgnU_freeres (in /usr/lib/valgrind/vgpreload_core-amd64-linux.so) ==17851== by 0x5F8F16A: __run_exit_handlers (exit.c:97) ==17851== by 0x5F8F1F4: exit (exit.c:104) ==17851== by 0x5F74F4B: (below main) (libc-start.c:321) ==17851== Address 0x63153c0 is 0 bytes inside data symbol "noai6ai_cached" (cherry picked from commit 234443e38be92ce14cff8574050f4714485a0102)
Etienne Samson 159d7b6d 2018-04-20T23:11:20 valgrind: silence libssh2 leaking something from gcrypt ==2957== 912 bytes in 19 blocks are still reachable in loss record 323 of 369 ==2957== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2957== by 0x675B120: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x675BDF8: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x675FE0D: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x6761DC4: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x676477E: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x675B071: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x675B544: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x675914B: gcry_control (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==2957== by 0x5D30EC9: libssh2_init (in /usr/lib/x86_64-linux-gnu/libssh2.so.1.0.1) ==2957== by 0x66BCCD: git_transport_ssh_global_init (ssh.c:910) ==2957== by 0x616443: init_common (global.c:65) (cherry picked from commit dd75885ab45a590ff20404a3a0f20a1148cd4f64)
Etienne Samson 6bec4b8b 2018-04-20T23:11:19 valgrind: skip buf::oom test (cherry picked from commit 573c408921e02f61501b2982fc10af77a8412631)
Etienne Samson eed5a31d 2018-04-20T23:11:17 valgrind: silence curl_global_init leaks ==18109== 664 bytes in 1 blocks are still reachable in loss record 279 of 339 ==18109== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==18109== by 0x675B120: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==18109== by 0x675C13C: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==18109== by 0x675C296: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==18109== by 0x679BD14: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==18109== by 0x679CC64: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.8.2) ==18109== by 0x6A64946: ??? (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6) ==18109== by 0x6A116E8: ??? (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6) ==18109== by 0x6A01114: gnutls_global_init (in /usr/lib/x86_64-linux-gnu/libgnutls.so.26.22.6) ==18109== by 0x52A6C78: ??? (in /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.3.0) ==18109== by 0x5285ADC: curl_global_init (in /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.3.0) ==18109== by 0x663524: git_curl_stream_global_init (curl.c:44) (cherry picked from commit c0c9e9eeee5b4577eb930f56b8ddaf788f809067)
Etienne Samson c87426d7 2018-04-20T23:11:16 travis: split valgrind check in its own script (cherry picked from commit 74b0a4320726cb557bcf73f47ba25ee10c430066)
Etienne Samson b2d7f596 2018-04-20T23:11:14 travis: split testing from building (cherry picked from commit 2f4e7cb0e8c21cc2d673946eddf9278c2863427b)
Patrick Steinhardt 8e0b1729 2018-10-05T19:32:10 Merge pull request #4834 from pks-t/pks/v0.27.5 Security release v0.27.5
Patrick Steinhardt c590b41f 2018-09-06T13:14:40 version: raise to v0.27.5
Patrick Steinhardt 2f158e5b 2018-09-06T13:14:19 CHANGELOG: update for v0.27.5
Carlos Martín Nieto a221f58e 2018-10-05T11:47:39 submodule: ignore path and url attributes if they look like options These can be used to inject options in an implementation which performs a recursive clone by executing an external command via crafted url and path attributes such that it triggers a local executable to be run. The library is not vulnerable as we do not rely on external executables but a user of the library might be relying on that so we add this protection. This matches this aspect of git's fix for CVE-2018-17456.
Carlos Martín Nieto 34597d10 2018-10-05T11:42:00 submodule: add failing test for option-injection protection in url and path
Patrick Steinhardt 614c266d 2018-10-05T10:56:02 config_file: properly ignore includes without "path" value In case a configuration includes a key "include.path=" without any value, the generated configuration entry will have its value set to `NULL`. This is unexpected by the logic handling includes, and as soon as we try to calculate the included path we will unconditionally dereference that `NULL` pointer and thus segfault. Fix the issue by returning early in both `parse_include` and `parse_conditional_include` in case where the `file` argument is `NULL`. Add a test to avoid future regression. The issue has been found by the oss-fuzz project, issue 10810. (cherry picked from commit d06d4220eec035466d1a837972a40546b8904330)
Patrick Steinhardt aa220b0f 2018-10-05T10:55:29 tests: always unlink created config files While our tests in config::include create a plethora of configuration files, most of them do not get removed at the end of each test. This can cause weird interactions with tests that are being run at a later stage if these later tests try to create files or directories with the same name as any of the created configuration files. Fix the issue by unlinking all created files at the end of these tests. (cherry picked from commit bf662f7cf8daff2357923446cf9d22f5d4b4a66b)
Patrick Steinhardt f5c3442b 2018-10-03T16:17:21 smart_pkt: do not accept callers passing in no line length Right now, we simply ignore the `linelen` parameter of `git_pkt_parse_line` in case the caller passed in zero. But in fact, we never want to assume anything about the provided buffer length and always want the caller to pass in the available number of bytes. And in fact, checking all the callers, one can see that the funciton is never being called in case where the buffer length is zero, and thus we are safe to remove this check. (cherry picked from commit 1bc5b05c614c7b10de021fa392943e8e6bd12c77)
Patrick Steinhardt f7c3f6cc 2018-08-09T11:16:15 smart_pkt: return parsed length via out-parameter The `parse_len` function currently directly returns the parsed length of a packet line or an error code in case there was an error. Instead, convert this to our usual style of using the return value as error code only and returning the actual value via an out-parameter. Thus, we can now convert the output parameter to an unsigned type, as the size of a packet cannot ever be negative. While at it, we also move the check whether the input buffer is long enough into `parse_len` itself. We don't really want to pass around potentially non-NUL-terminated buffers to functions without also passing along the length, as this is dangerous in the unlikely case where other callers for that function get added. Note that we need to make sure though to not mess with `GIT_EBUFS` error codes, as these indicate not an error to the caller but that he needs to fetch more data. (cherry picked from commit c05790a8a8dd4351e61fc06c0a06c6a6fb6134dc)
Patrick Steinhardt 7e3cd611 2018-08-09T11:13:59 smart_pkt: reorder and rename parameters of `git_pkt_parse_line` The parameters of the `git_pkt_parse_line` function are quite confusing. First, there is no real indicator what the `out` parameter is actually all about, and it's not really clear what the `bufflen` parameter refers to. Reorder and rename the parameters to make this more obvious. (cherry picked from commit 0b3dfbf425d689101663341beb94237614f1b5c2)
Patrick Steinhardt 356f60f4 2018-08-09T11:04:42 smart_pkt: fix buffer overflow when parsing "unpack" packets When checking whether an "unpack" packet returned the "ok" status or not, we use a call to `git__prefixcmp`. In case where the passed line isn't properly NUL terminated, though, this may overrun the line buffer. Fix this by using `git__prefixncmp` instead. (cherry picked from commit 5fabaca801e1f5e7a1054be612e8fabec7cd6a7f)
Patrick Steinhardt b5b7c303 2018-08-09T11:03:37 smart_pkt: fix "ng" parser accepting non-space character When parsing "ng" packets, we blindly assume that the character immediately following the "ng" prefix is a space and skip it. As the calling function doesn't make sure that this is the case, we can thus end up blindly accepting an invalid packet line. Fix the issue by using `git__prefixncmp`, checking whether the line starts with "ng ". (cherry picked from commit b5ba7af2d30c958b090dcf135749d9afe89ec703)
Patrick Steinhardt 319f0c03 2018-08-09T11:01:00 smart_pkt: fix buffer overflow when parsing "ok" packets There are two different buffer overflows present when parsing "ok" packets. First, we never verify whether the line already ends after "ok", but directly go ahead and also try to skip the expected space after "ok". Second, we then go ahead and use `strchr` to scan for the terminating newline character. But in case where the line isn't terminated correctly, this can overflow the line buffer. Fix the issues by using `git__prefixncmp` to check for the "ok " prefix and only checking for a trailing '\n' instead of using `memchr`. This also fixes the issue of us always requiring a trailing '\n'. Reported by oss-fuzz, issue 9749: Crash Type: Heap-buffer-overflow READ {*} Crash Address: 0x6310000389c0 Crash State: ok_pkt git_pkt_parse_line git_smart__store_refs Sanitizer: address (ASAN) (cherry picked from commit a9f1ca09178af0640963e069a2142d5ced53f0b4)
Patrick Steinhardt 0599c267 2018-08-09T10:38:10 smart_pkt: fix buffer overflow when parsing "ACK" packets We are being quite lenient when parsing "ACK" packets. First, we didn't correctly verify that we're not overrunning the provided buffer length, which we fix here by using `git__prefixncmp` instead of `git__prefixcmp`. Second, we do not verify that the actual contents make any sense at all, as we simply ignore errors when parsing the ACKs OID and any unknown status strings. This may result in a parsed packet structure with invalid contents, which is being silently passed to the caller. This is being fixed by performing proper input validation and checking of return codes. (cherry picked from commit bc349045b1be8fb3af2b02d8554483869e54d5b8)
Patrick Steinhardt 0fe87761 2018-08-09T10:57:06 smart_pkt: adjust style of "ref" packet parsing function While the function parsing ref packets doesn't have any immediately obvious buffer overflows, it's style is different to all the other parsing functions. Instead of checking buffer length while we go, it does a check up-front. This causes the code to seem a lot more magical than it really is due to some magic constants. Refactor the function to instead make use of the style of other packet parser and verify buffer lengths as we go. (cherry picked from commit 5edcf5d190f3b379740b223ff6a649d08fa49581)
Patrick Steinhardt 97156614 2018-08-09T10:46:58 smart_pkt: check whether error packets are prefixed with "ERR " In the `git_pkt_parse_line` function, we determine what kind of packet a given packet line contains by simply checking for the prefix of that line. Except for "ERR" packets, we always only check for the immediate identifier without the trailing space (e.g. we check for an "ACK" prefix, not for "ACK "). But for "ERR" packets, we do in fact include the trailing space in our check. This is not really much of a problem at all, but it is inconsistent with all the other packet types and thus causes confusion when the `err_pkt` function just immediately skips the space without checking whether it overflows the line buffer. Adjust the check in `git_pkt_parse_line` to not include the trailing space and instead move it into `err_pkt` for consistency. (cherry picked from commit 786426ea6ec2a76ffe2515dc5182705fb3d44603)
Patrick Steinhardt 5c0d1100 2018-08-09T10:46:26 smart_pkt: explicitly avoid integer overflows when parsing packets When parsing data, progress or error packets, we need to copy the contents of the rest of the current packet line into the flex-array of the parsed packet. To keep track of this array's length, we then assign the remaining length of the packet line to the structure. We do have a mismatch of types here, as the structure's `len` field is a signed integer, while the length that we are assigning has type `size_t`. On nearly all platforms, this shouldn't pose any problems at all. The line length can at most be 16^4, as the line's length is being encoded by exactly four hex digits. But on a platforms with 16 bit integers, this assignment could cause an overflow. While such platforms will probably only exist in the embedded ecosystem, we still want to avoid this potential overflow. Thus, we now simply change the structure's `len` member to be of type `size_t` to avoid any integer promotion. (cherry picked from commit 40fd84cca68db24f325e460a40dabe805e7a5d35)
Patrick Steinhardt 20e58aac 2018-08-09T10:36:44 smart_pkt: honor line length when determining packet type When we parse the packet type of an incoming packet line, we do not verify that we don't overflow the provided line buffer. Fix this by using `git__prefixncmp` instead and passing in `len`. As we have previously already verified that `len <= linelen`, we thus won't ever overflow the provided buffer length. (cherry picked from commit 4a5804c983317100eed509537edc32d69c8d7aa2)
Patrick Steinhardt bd069448 2018-10-03T15:39:40 tests: verify parsing logic for smart packets The commits following this commit are about to introduce quite a lot of refactoring and tightening of the smart packet parser. Unfortunately, we do not yet have any tests despite our online tests that verify that our parser does not regress upon changes. This is doubly unfortunate as our online tests aren't executed by default. Add new tests that exercise the smart parsing logic directly by executing `git_pkt_parse_line`. (cherry picked from commit 365d2720c1a5fc89f03fd85265c8b45195c7e4a8)
Nelson Elhage 003cbc3f 2018-06-24T19:47:08 Verify ref_pkt's are long enough If the remote sends a too-short packet, we'll allow `len` to go negative and eventually issue a malloc for <= 0 bytes on ``` pkt->head.name = git__malloc(alloclen); ``` (cherry picked from commit 437ee5a70711ac2e027877d71ee4ae17e5ec3d6c)
Etienne Samson 4385aef3 2017-08-22T16:29:07 smart: typedef git_pkt_type and clarify recv_pkt return type (cherry picked from commit 08961c9d0d6927bfcc725bd64c9a87dbcca0c52c)
Nelson Elhage 21ffc57d 2018-06-28T05:27:36 Small style tweak, and set an error (cherry picked from commit 895a668e19dc596e7b12ea27724ceb7b68556106)
Nelson Elhage be98c9e9 2018-06-26T02:32:50 Remove GIT_PKT_PACK entirely (cherry picked from commit 90cf86070046fcffd5306915b57786da054d8964)
Christian Schlack bf4342f7 2018-08-11T13:06:14 Fix 'invalid packet line' for ng packets containing errors (cherry picked from commit 50dd7fea5ad1bf6c013b72ad0aa803a9c84cdede)
bisho 15e92284 2018-09-05T11:49:13 Prevent heap-buffer-overflow When running repack while doing repo writes, `packfile_load__cb()` can see some temporary files in the directory that are bigger than the usual, and makes `memcmp` overflow on the `p->pack_name` string. ASAN detected this. This just uses `strncmp`, that should not have any performance impact and is safe for comparing strings of different sizes. ``` ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61200001a3f3 at pc 0x7f4a9e1976ec bp 0x7ffc1f80e100 sp 0x7ffc1f80d8b0 READ of size 89 at 0x61200001a3f3 thread T0 SCARINESS: 26 (multi-byte-read-heap-buffer-overflow) #0 0x7f4a9e1976eb in __interceptor_memcmp.part.78 (/build/cfgr-admin#link-tree/libtools_build_sanitizers_asan-ubsan-py.so+0xcf6eb) #1 0x7f4a518c5431 in packfile_load__cb /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:213 #2 0x7f4a518d9582 in git_path_direach /build/libgit2/0.27.0/src/libgit2-0.27.0/src/path.c:1134 #3 0x7f4a518c58ad in pack_backend__refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:347 #4 0x7f4a518c1b12 in git_odb_refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1511 #5 0x7f4a518bff5f in git_odb__freshen /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:752 #6 0x7f4a518c17d4 in git_odb_stream_finalize_write /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1415 #7 0x7f4a51b9d015 in Repository_write /build/pygit2/0.27.0/src/pygit2-0.27.0/src/repository.c:509 ``` (cherry picked from commit d22cd1f4a4c10ff47b04c57560e6765d77e5a8fd)
Patrick Steinhardt 39706ded 2018-09-03T10:49:46 config_parse: refactor error handling when parsing multiline variables The current error handling for the multiline variable parser is a bit fragile, as each error condition has its own code to clear memory. Instead, unify error handling as far as possible to avoid this repetitive code. While at it, make use of `GITERR_CHECK_ALLOC` to correctly handle OOM situations and verify that the buffer we print into does not run out of memory either. (cherry picked from commit bc63e1ef521ab5900dc0b0dcd578b8bf18627fb1)
Nelson Elhage 68823395 2018-09-01T03:50:26 config: Fix a leak parsing multi-line config entries (cherry picked from commit 38b852558eb518f96c313cdcd9ce5a7af6ded194)
Nelson Elhage 24c7b23d 2018-08-25T17:04:39 config: convert unbounded recursion into a loop (cherry picked from commit a03113e80332fba6c77f43b21d398caad50b4b89)