
    Commit

  • Hash : 6cb9cd53
    Author : Patrick Steinhardt
    Date : 2018-11-14T12:04:42

    strntol: fix out-of-bounds reads when parsing numbers with leading sign
    
    When parsing a number, we accept a leading plus or minus sign to return
    a positive or negative number. When the parsed string has such a leading
    sign, we set up a flag indicating that the number is negative and
    advance the pointer to the next character in that string. This misses
    updating the number of bytes in the string, though, which is why the
    parser may later on do an out-of-bounds read.
    
    Fix the issue by correctly updating both the pointer and the number of
    remaining bytes. Furthermore, we need to check whether we actually have
    any bytes left after having advanced the pointer, as otherwise the
    auto-detection of the base may do an out-of-bounds access. Add a test
    that detects the out-of-bound read.
    
    Note that this is not actually security critical. While there are a lot
    of places where the function is called, all of these places are guarded
    or irrelevant:
    
    - commit list: this operates on objects from the ODB, which are always
      NUL terminated and may thus not trigger the off-by-one OOB read.
    
    - config: the configuration is NUL terminated.
    
    - curl stream: user input is being parsed that is always NUL terminated.
    
    - index: the index is read via `git_futils_readbuffer`, which always NUL
      terminates it.
    
    - loose objects: used to parse the length from the object's header. As
      we check previously that the buffer contains a NUL byte, this is safe.
    
    - rebase: this parses numbers from the rebase instruction sheet. As the
      rebase code uses `git_futils_readbuffer`, the buffer is always NUL
      terminated.
    
    - revparse: this parses a user provided buffer that is NUL terminated.
    
    - signature: this parses the header information of objects. As objects
      read from the ODB are always NUL terminated, this is a non-issue. The
      constructor `git_signature_from_buffer` does not accept a length
      parameter for the buffer, so the buffer needs to be NUL terminated, as
      well.
    
    - smart transport: the buffer that is parsed is NUL terminated.
    
    - tree cache: this parses the tree cache from the index extension. The
      index itself is read via `git_futils_readbuffer`, which always NUL
      terminates it.
    
    - winhttp transport: user input is being parsed that is always NUL
      terminated.
    
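The off-by-one the commit message describes, shown as an added C example rather than libgit2's own `git__strntol` code: a minimal bounded parser (hypothetical name `parse_num`) in which consuming the sign decrements the remaining byte count alongside the pointer, and the base auto-detection is guarded by a remaining-bytes check so a lone sign at the end of a non-NUL-terminated buffer cannot trigger a read past `len`.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not libgit2's own code: a minimal bounded number parser
 * in the spirit of the fix. `buf` need not be NUL terminated; `len` is the
 * only bound. Returns the number of bytes consumed, or -1 on error. */
static int parse_num(const char *buf, size_t len, int base, int64_t *out)
{
    const char *p = buf;
    size_t nremain = len;
    int neg = 0, ndigits = 0;
    int64_t n = 0;
    /* Leading sign: advance BOTH the pointer and the remaining count.
     * Advancing only the pointer was the off-by-one fixed by the commit. */
    if (nremain > 0 && (*p == '-' || *p == '+')) {
        neg = (*p == '-');
        p++;
        nremain--;
    }
    /* Second fix: base auto-detection below looks at p[0] and p[1], so
     * bail out if the sign consumed the last byte. */
    if (nremain == 0)
        return -1;
    if (base == 0) {
        if (*p != '0')
            base = 10;
        else if (nremain > 1 && (p[1] == 'x' || p[1] == 'X')) {
            base = 16;
            p += 2;
            nremain -= 2;
        } else
            base = 8;
    }
    while (nremain > 0) {
        int v;
        if (*p >= '0' && *p <= '9') v = *p - '0';
        else if (*p >= 'a' && *p <= 'z') v = *p - 'a' + 10;
        else if (*p >= 'A' && *p <= 'Z') v = *p - 'A' + 10;
        else break;
        if (v >= base) break;
        if (n > (INT64_MAX - v) / base) return -1; /* would overflow */
        n = n * base + v;
        p++; nremain--; ndigits++;
    }
    if (ndigits == 0) return -1;
    *out = neg ? -n : n; /* magnitude capped at INT64_MAX */
    return (int)(p - buf);
}
```

The inputs are constructed as fixed-size char arrays without a terminating NUL, which is exactly the case where the original code's missing length update mattered.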

  • README.md

  • Writing Clar tests for libgit2

    For information on the Clar testing framework and a detailed introduction please visit:

    https://github.com/vmg/clar

    • Write your modules and tests. Use good, meaningful names.

    • Make sure you actually build the tests by setting:

        cmake -DBUILD_CLAR=ON build/

    • Test:

        ./build/libgit2_clar

    • Make sure everything is fine.

    • Send your pull request. That’s it.