delta/libgit2.git/src, branch cmn/format-security github.com: libgit2/libgit2.git Merge pull request #4785 from tiennou/fix/cleanup-remote 2018-09-07T11:20:33+00:00 Patrick Steinhardt ps@pks.im 2018-09-07T11:20:33+00:00 55d354d8ba2abd858e5745451502a147d70a0a6f remote: store the connection data in a private struct 
remote: store the connection data in a private struct
 remote: store the connection data in a private struct 2018-09-07T10:37:22+00:00 Etienne Samson samson.etienne@gmail.com 2018-09-07T10:36:15+00:00 1c176883880c4f487597074c70f9bb6f96198737 This makes it easier to pass connection-related options around (proxy & custom headers for now). This fixes a bug in git_push_finish, which didn't reuse the provided proxy if the connection closed between the call to `git_remote_push` and the finish step. 
This makes it easier to pass connection-related options around (proxy &
custom headers for now).

This fixes a bug in git_push_finish, which didn't reuse the provided
proxy if the connection closed between the call to `git_remote_push` and
the finish step.
 config_file: fix quadratic behaviour when adding config multivars 2018-09-06T12:27:02+00:00 Patrick Steinhardt ps@pks.im 2018-09-06T12:17:54+00:00 f26946358f0ddf106f54e4a9d7eaaf7b60a2c20f In case where we add multiple configuration entries with the same key to a diskfile backend, we always need to iterate the list of this key to find the last entry due to the list being a singly-linked list. This is obviously quadratic behaviour, and this has sure enough been found by oss-fuzz by generating a configuration file with 50k lines, where most of them have the same key. While the issue will not arise with "sane" configuration files, an adversary may trigger it by providing a crafted ".gitmodules" file, which is delivered as part of the repo and also parsed by the configuration parser. The fix is trivial: store a pointer to the last entry of the list in its head. As there are only two locations now where we append to this data structure, mainting this pointer is trivial, too. We can also optimize retrieval of a single value via `config_get`, where we previously had to chase the `next` pointer to find the last entry that was added. Using our configuration file fozzur with a corpus that has a single file with 50000 "-=" lines previously took around 21s. With this optimization the same file scans in about 0.053s, which is a nearly 400-fold improvement. But in most cases with a "normal" amount of same-named keys it's not going to matter anyway. 
In case where we add multiple configuration entries with the same key to
a diskfile backend, we always need to iterate the list of this key to
find the last entry due to the list being a singly-linked list. This
is obviously quadratic behaviour, and this has sure enough been found by
oss-fuzz by generating a configuration file with 50k lines, where most
of them have the same key. While the issue will not arise with "sane"
configuration files, an adversary may trigger it by providing a crafted
".gitmodules" file, which is delivered as part of the repo and also
parsed by the configuration parser.

The fix is trivial: store a pointer to the last entry of the list in its
head. As there are only two locations now where we append to this data
structure, mainting this pointer is trivial, too. We can also optimize
retrieval of a single value via `config_get`, where we previously had to
chase the `next` pointer to find the last entry that was added.

Using our configuration file fozzur with a corpus that has a single file
with 50000 "-=" lines previously took around 21s. With this optimization
the same file scans in about 0.053s, which is a nearly 400-fold
improvement. But in most cases with a "normal" amount of same-named keys
it's not going to matter anyway.
Merge pull request #4792 from nelhage/multiline-leak 2018-09-06T09:54:01+00:00 Patrick Steinhardt ps@pks.im 2018-09-06T09:54:01+00:00 695067f7d65ff6de2162917ce3092a2307020e59 config: Fix a leak parsing multi-line config entries 
config: Fix a leak parsing multi-line config entries
 Prevent heap-buffer-overflow 2018-09-05T18:49:13+00:00 bisho bishillo@gmail.com 2018-09-05T18:49:13+00:00 d22cd1f4a4c10ff47b04c57560e6765d77e5a8fd When running repack while doing repo writes, `packfile_load__cb()` can see some temporary files in the directory that are bigger than the usual, and makes `memcmp` overflow on the `p->pack_name` string. ASAN detected this. This just uses `strncmp`, that should not have any performance impact and is safe for comparing strings of different sizes. ``` ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61200001a3f3 at pc 0x7f4a9e1976ec bp 0x7ffc1f80e100 sp 0x7ffc1f80d8b0 READ of size 89 at 0x61200001a3f3 thread T0 SCARINESS: 26 (multi-byte-read-heap-buffer-overflow) #0 0x7f4a9e1976eb in __interceptor_memcmp.part.78 (/build/cfgr-admin#link-tree/libtools_build_sanitizers_asan-ubsan-py.so+0xcf6eb) #1 0x7f4a518c5431 in packfile_load__cb /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:213 #2 0x7f4a518d9582 in git_path_direach /build/libgit2/0.27.0/src/libgit2-0.27.0/src/path.c:1134 #3 0x7f4a518c58ad in pack_backend__refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:347 #4 0x7f4a518c1b12 in git_odb_refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1511 #5 0x7f4a518bff5f in git_odb__freshen /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:752 #6 0x7f4a518c17d4 in git_odb_stream_finalize_write /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1415 #7 0x7f4a51b9d015 in Repository_write /build/pygit2/0.27.0/src/pygit2-0.27.0/src/repository.c:509 ``` 
When running repack while doing repo writes, `packfile_load__cb()` can see some temporary files in the directory that are bigger than the usual, and makes `memcmp` overflow on the `p->pack_name` string. ASAN detected this. This just uses `strncmp`, that should not have any performance impact and is safe for comparing strings of different sizes.

```
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61200001a3f3 at pc 0x7f4a9e1976ec bp 0x7ffc1f80e100 sp 0x7ffc1f80d8b0
READ of size 89 at 0x61200001a3f3 thread T0
SCARINESS: 26 (multi-byte-read-heap-buffer-overflow)
    #0 0x7f4a9e1976eb in __interceptor_memcmp.part.78 (/build/cfgr-admin#link-tree/libtools_build_sanitizers_asan-ubsan-py.so+0xcf6eb)
    #1 0x7f4a518c5431 in packfile_load__cb /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:213
    #2 0x7f4a518d9582 in git_path_direach /build/libgit2/0.27.0/src/libgit2-0.27.0/src/path.c:1134
    #3 0x7f4a518c58ad in pack_backend__refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:347
    #4 0x7f4a518c1b12 in git_odb_refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1511
    #5 0x7f4a518bff5f in git_odb__freshen /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:752
    #6 0x7f4a518c17d4 in git_odb_stream_finalize_write /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1415
    #7 0x7f4a51b9d015 in Repository_write /build/pygit2/0.27.0/src/pygit2-0.27.0/src/repository.c:509
```
 config_parse: refactor error handling when parsing multiline variables 2018-09-03T08:52:44+00:00 Patrick Steinhardt ps@pks.im 2018-09-03T08:49:46+00:00 bc63e1ef521ab5900dc0b0dcd578b8bf18627fb1 The current error handling for the multiline variable parser is a bit fragile, as each error condition has its own code to clear memory. Instead, unify error handling as far as possible to avoid this repetitive code. While at it, make use of `GITERR_CHECK_ALLOC` to correctly handle OOM situations and verify that the buffer we print into does not run out of memory either. 
The current error handling for the multiline variable parser is a bit
fragile, as each error condition has its own code to clear memory.
Instead, unify error handling as far as possible to avoid this
repetitive code. While at it, make use of `GITERR_CHECK_ALLOC` to
correctly handle OOM situations and verify that the buffer we print into
does not run out of memory either.
config: Fix a leak parsing multi-line config entries 2018-09-01T03:50:26+00:00 Nelson Elhage nelhage@nelhage.com 2018-09-01T03:50:26+00:00 38b852558eb518f96c313cdcd9ce5a7af6ded194 






Merge pull request #4781 from nelhage/multiline-loop
2018-08-30T10:41:15+00:00

Patrick Steinhardt
ps@pks.im

2018-08-30T10:41:15+00:00

2054fe50ee8d3a8798e63acb7c603b273c5f79fc

config: convert unbounded recursion into a loop




config: convert unbounded recursion into a loop






Merge pull request #4765 from tiennou/fix/macos-qsort_r
2018-08-26T12:22:55+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-08-26T12:22:55+00:00

df2f276e41f8b21f518f621043b99f2b34c109fb

util: make the qsort_r check work on macOS




util: make the qsort_r check work on macOS






Merge pull request #4727 from libgit2/cmn/null-oid-existing-tree
2018-08-26T10:33:42+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-08-26T10:33:42+00:00

85eb2cb67611483cc13c9d16589b88a6cb9dd19d

tree: accept null ids in existing trees when updating




tree: accept null ids in existing trees when updating