Hash : 1f9a8510
Author :
Date : 2018-07-19T13:00:42
smart_pkt: fix potential OOB-read when processing ng packet

OSS-fuzz has reported a potential out-of-bounds read when processing a "ng" smart packet:

    ==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6310000249c0 at pc 0x000000493a92 bp 0x7ffddc882cd0 sp 0x7ffddc882480
    READ of size 65529 at 0x6310000249c0 thread T0
    SCARINESS: 26 (multi-byte-read-heap-buffer-overflow)
        #0 0x493a91 in __interceptor_strchr.part.35 /src/llvm/projects/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:673
        #1 0x813960 in ng_pkt libgit2/src/transports/smart_pkt.c:320:14
        #2 0x810f79 in git_pkt_parse_line libgit2/src/transports/smart_pkt.c:478:9
        #3 0x82c3c9 in git_smart__store_refs libgit2/src/transports/smart_protocol.c:47:12
        #4 0x6373a2 in git_smart__connect libgit2/src/transports/smart.c:251:15
        #5 0x57688f in git_remote_connect libgit2/src/remote.c:708:15
        #6 0x52e59b in LLVMFuzzerTestOneInput /src/download_refs_fuzzer.cc:145:9
        #7 0x52ef3f in ExecuteFilesOnyByOne(int, char**) /src/libfuzzer/afl/afl_driver.cpp:301:5
        #8 0x52f4ee in main /src/libfuzzer/afl/afl_driver.cpp:339:12
        #9 0x7f6c910db82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/libc-start.c:291
        #10 0x41d518 in _start

When parsing an "ng" packet, we keep track of both the current position as well as the remaining length of the packet itself. But instead of taking care not to exceed the length, we pass the current pointer's position to `strchr`, which will search for a certain character until hitting NUL. It is thus possible to create a crafted packet which doesn't contain a NUL byte to trigger an out-of-bounds read.

Fix the issue by instead using `memchr`, passing the remaining length as restriction. Furthermore, verify that we actually have enough bytes left to produce a match at all.

OSS-Fuzz-Issue: 9406
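The bug class the commit message describes, as an added stand-alone example that is not libgit2's code: a parser for the `ng <ref> <reason>` packet written twice, once with the unbounded `strchr` search and once with `memchr` bounded by the bytes that remain plus a check that any bytes remain before searching. The struct and function names (`ng_pkt`, `ng_pkt_parse_strchr`, `ng_pkt_parse_memchr`, `copy_span`) and the test vector are assumptions. The framed packet in the test vector contains no NUL, so the `strchr` version reads whatever follows it in memory; here that is a constructed suffix inside the same array, which makes the over-read deterministic and observable rather than a crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for libgit2's git_pkt_ng (field names are assumptions). */
struct ng_pkt {
    char *ref;   /* ref the server refused to update */
    char *msg;   /* reason it gave */
};

/* Copy exactly n bytes into a fresh NUL-terminated string. */
static char *copy_span(const char *p, size_t n)
{
    char *s = malloc(n + 1);
    if (!s)
        return NULL;
    memcpy(s, p, n);
    s[n] = '\0';
    return s;
}

void ng_pkt_free(struct ng_pkt *pkt)
{
    free(pkt->ref);
    free(pkt->msg);
    pkt->ref = pkt->msg = NULL;
}

/* Vulnerable shape: `len` is tracked, but strchr() is handed only the
 * pointer and scans until it meets a NUL. A packet with no NUL inside its
 * framed length sends the search past the end of the packet. */
int ng_pkt_parse_strchr(struct ng_pkt *out, const char *line, size_t len)
{
    const char *sp, *end;

    out->ref = out->msg = NULL;
    if (len < 3 || memcmp(line, "ng ", 3) != 0)
        return -1;
    line += 3;                              /* skip "ng " */
    len -= 3;                               /* tracked ... */

    sp = strchr(line, ' ');                 /* ... but never used: BUG */
    if (!sp)
        return -1;
    out->ref = copy_span(line, (size_t)(sp - line));

    line = sp + 1;                          /* may already be past the packet */
    end = strchr(line, '\n');               /* same BUG for the reason text */
    if (!end)
        end = line + strlen(line);
    out->msg = copy_span(line, (size_t)(end - line));
    if (!out->ref || !out->msg) {
        ng_pkt_free(out);
        return -1;
    }
    return 0;
}

/* Fixed shape: every search is bounded by the remaining length, and the
 * parser checks that bytes are left before it looks for a match. */
int ng_pkt_parse_memchr(struct ng_pkt *out, const char *line, size_t len)
{
    const char *sp, *end;
    size_t reflen, msglen;

    out->ref = out->msg = NULL;
    if (len < 3 || memcmp(line, "ng ", 3) != 0)
        return -1;
    line += 3;
    len -= 3;

    if (len == 0 || !(sp = memchr(line, ' ', len)))
        return -1;                          /* no separator inside the packet */
    reflen = (size_t)(sp - line);
    out->ref = copy_span(line, reflen);

    line = sp + 1;
    len -= reflen + 1;                      /* cannot underflow: sp < line + len */
    if (len == 0) {                         /* separator but no reason text */
        ng_pkt_free(out);
        return -1;
    }
    end = memchr(line, '\n', len);
    msglen = end ? (size_t)(end - line) : len;
    out->msg = copy_span(line, msglen);
    if (!out->ref || !out->msg) {
        ng_pkt_free(out);
        return -1;
    }
    return 0;
}

/* Constructed input (not from the OSS-Fuzz report). The framed packet is
 * the first PKT_LEN bytes: "ng refs/heads/main", with no space after the
 * ref and no NUL. The bytes after it model adjacent memory the parser must
 * never consult. */
static const char backing[] = "ng refs/heads/main denied\n";
#define PKT_LEN 18

int main(void)
{
    struct ng_pkt p;

    if (ng_pkt_parse_strchr(&p, backing, PKT_LEN) == 0) {
        printf("strchr parser accepted ref=%s msg=%s (read past the packet)\n",
               p.ref, p.msg);
        ng_pkt_free(&p);
    }
    printf("memchr parser on the same packet: rc=%d (rejected)\n",
           ng_pkt_parse_memchr(&p, backing, PKT_LEN));
    if (ng_pkt_parse_memchr(&p, backing, sizeof(backing) - 1) == 0) {
        printf("memchr parser on the full packet: ref=%s msg=%s\n", p.ref, p.msg);
        ng_pkt_free(&p);
    }
    return 0;
}
```

The `len == 0` checks are the "verify that we actually have enough bytes left" half of the fix: `memchr` with a zero length is safe, but a separator found as the very last byte would otherwise leave an empty reason, and a caller that later assumes at least one byte of message would be the next over-read.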
| Git HTTP | https://git.kmx.io/thodg/libgit2.git |
|---|---|
| Git SSH | git@git.kmx.io:thodg/libgit2.git |
| Public access ? | public |
| Description | |
| Users | |
| Tags | |
libgit2 is a portable, pure C implementation of the Git core methods
provided as a linkable library with a solid API, allowing to build Git
functionality into your application.  Language bindings like
Rugged (Ruby),
LibGit2Sharp (.NET),
pygit2 (Python) and
NodeGit (Node) allow you to build Git tooling
in your favorite language.
libgit2 is used to power Git GUI clients like
GitKraken and gmaster
and on Git hosting providers like GitHub,
GitLab and
Visual Studio Team Services.
We perform the merge every time you click “merge pull request”.
libgit2 is licensed under a very permissive license (GPLv2 with a special
Linking Exception).  This basically means that you can link it (unmodified)
with any kind of software without having to release its source code.
Additionally, the example code has been released to the public domain (see the
separate license for more information).
Prerequisites for building libgit2: CMake, installed into your PATH.
Build:
$ mkdir build && cd build
$ cmake ..
$ cmake --build .
Trouble with these steps?  Read TROUBLESHOOTING.md.  More detailed build
guidance is available below.
Join us on Slack
Visit slack.libgit2.org to sign up, then join
us in #libgit2.  If you prefer IRC, you can also point your client to our
slack channel once you’ve registered.
Getting Help
If you have questions about the library, please be sure to check out the
API documentation.  If you still have
questions, reach out to us on Slack or post a question on 
StackOverflow (with the libgit2 tag).
Reporting Bugs
Please open a GitHub Issue and include as much information as possible. If possible, provide sample code that illustrates the problem you’re seeing. If you’re seeing a bug only on a specific repository, please provide a link to it if possible.
We ask that you not open a GitHub Issue for help, only for bug reports.
Reporting Security Issues
If you think you have found a security issue in libgit2, please do not open a public issue. Instead, report it to the private mailing list security@libgit2.com.
libgit2 provides you with the ability to manage Git repositories in the programming language of your choice. It’s used in production to power many applications including GitHub.com, Plastic SCM and Visual Studio Team Services.
It does not aim to replace the git tool or its user-facing commands. Some APIs resemble the plumbing commands as those align closely with the concepts of the Git system, but most commands a user would type are out of scope for this library to implement directly.
The library provides:
As libgit2 is purely a consumer of the Git system, we have to adjust to changes made upstream. This has two major consequences:
While the library provides git functionality without the need for dependencies, it can make use of a few libraries to add to it:
The library needs to keep track of some global state. Call
git_libgit2_init();
before calling any other libgit2 functions. You can call this function many times. A matching number of calls to
git_libgit2_shutdown();
will free the resources.  Note that if you have worker threads, you should
call git_libgit2_shutdown after those threads have exited.  If you
require assistance coordinating this, simply have the worker threads call
git_libgit2_init at startup and git_libgit2_shutdown at shutdown.
See THREADING for information
See CONVENTIONS for an overview of the external and internal API/coding conventions we use.
libgit2 builds cleanly on most platforms without any external dependencies.
Under Unix-like systems, like Linux, *BSD and Mac OS X, libgit2 expects pthreads to be available;
they should be installed by default on all systems. Under Windows, libgit2 uses the native Windows API
for threading.
The libgit2 library is built using CMake (version 2.8 or newer) on all platforms.
On most systems you can build the library using the following commands
$ mkdir build && cd build
$ cmake ..
$ cmake --build .
Alternatively you can point the CMake GUI tool to the CMakeLists.txt file and generate a platform-specific build project or IDE workspace.
Once built, you can run the tests from the build directory with the command
$ ctest -V
Alternatively you can run the test suite directly using
$ ./libgit2_clar
Invoking the test suite directly is useful because it allows you to execute
individual tests, or groups of tests using the -s flag.  For example, to
run the index tests:
$ ./libgit2_clar -sindex
To run a single test named index::racy::diff, which corresponds to the test
function test_index_racy__diff (https://github.com/libgit2/libgit2/blob/master/tests/index/racy.c#L23):
$ ./libgit2_clar -sindex::racy::diff
The test suite will print a . for every passing test, and an F for any
failing test.  An S indicates that a test was skipped because it is not
applicable to your platform or is particularly expensive.
Note: There should be no failing tests when you build an unmodified source tree from a release, or from the master branch. Please contact us or open an issue if you see test failures.
To install the library you can specify the install prefix by setting:
$ cmake .. -DCMAKE_INSTALL_PREFIX=/install/prefix
$ cmake --build . --target install
For more advanced use or questions about CMake please read https://cmake.org/Wiki/CMake_FAQ.
The following CMake variables are declared:
BIN_INSTALL_DIR: Where to install binaries to.
LIB_INSTALL_DIR: Where to install libraries to.
INCLUDE_INSTALL_DIR: Where to install headers to.
BUILD_SHARED_LIBS: Build libgit2 as a Shared Library (defaults to ON)
BUILD_CLAR: Build Clar-based test suite (defaults to ON)
THREADSAFE: Build libgit2 with threading support (defaults to ON)
STDCALL: Build libgit2 as stdcall. Turn off for cdecl (Windows; defaults to ON)
CMake lets you specify a few variables to control the behavior of the compiler and linker. These flags are rarely used but can be useful for 64-bit to 32-bit cross-compilation.
CMAKE_C_FLAGS: Set your own compiler flags
CMAKE_FIND_ROOT_PATH: Override the search path for libraries
ZLIB_LIBRARY, OPENSSL_SSL_LIBRARY and OPENSSL_CRYPTO_LIBRARY: Tell CMake where to find those specific libraries
If you want to build a universal binary for Mac OS X, CMake sets it
all up for you if you use -DCMAKE_OSX_ARCHITECTURES="i386;x86_64"
when configuring.
Extract a toolchain from the NDK using the make-standalone-toolchain.sh script.
Optionally, cross-compile and install OpenSSL inside of it. Then create a CMake
toolchain file that configures the paths to your cross-compiler (substitute {PATH}
with the full path to the toolchain):
SET(CMAKE_SYSTEM_NAME Linux)
SET(CMAKE_SYSTEM_VERSION Android)
SET(CMAKE_C_COMPILER   {PATH}/bin/arm-linux-androideabi-gcc)
SET(CMAKE_CXX_COMPILER {PATH}/bin/arm-linux-androideabi-g++)
SET(CMAKE_FIND_ROOT_PATH {PATH}/sysroot/)
SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
Add -DCMAKE_TOOLCHAIN_FILE={pathToToolchainFile} to cmake command
when configuring.
Here are the bindings to libgit2 that are currently available:
If you start another language binding to libgit2, please let us know so we can add it to the list.
We welcome new contributors! We have a number of issues marked as “up for grabs” and “easy fix” that are good places to jump in and get started. There’s much more detailed information in our list of outstanding projects.
Please be sure to check the contribution guidelines to understand our workflow, and the libgit2 coding conventions.
libgit2 is under GPL2 with linking exception. This means you can link to
and use the library from any program, proprietary or open source; paid or
gratis.  However, if you modify libgit2 itself, you must distribute the
source to your modified version of libgit2.
See the COPYING file for the full license text.