Commit Graph

48227 Commits

Author SHA1 Message Date
Jeff King
8262715b8e path.c: fix uninitialized memory access
In cleanup_path we're passing in a char array, run a memcmp on it, and
run through it without ever checking if something is in the array in the
first place.  This can lead us to access uninitialized memory, for
example in t5541-http-push-smart.sh test 7, when run under valgrind:

==4423== Conditional jump or move depends on uninitialised value(s)
==4423==    at 0x242FA9: cleanup_path (path.c:35)
==4423==    by 0x242FA9: mkpath (path.c:456)
==4423==    by 0x256CC7: refname_match (refs.c:364)
==4423==    by 0x26C181: count_refspec_match (remote.c:1015)
==4423==    by 0x26C181: match_explicit_lhs (remote.c:1126)
==4423==    by 0x26C181: check_push_refs (remote.c:1409)
==4423==    by 0x2ABB4D: transport_push (transport.c:870)
==4423==    by 0x186703: push_with_options (push.c:332)
==4423==    by 0x18746D: do_push (push.c:409)
==4423==    by 0x18746D: cmd_push (push.c:566)
==4423==    by 0x1183E0: run_builtin (git.c:352)
==4423==    by 0x11973E: handle_builtin (git.c:539)
==4423==    by 0x11973E: run_argv (git.c:593)
==4423==    by 0x11973E: main (git.c:698)
==4423==  Uninitialised value was created by a heap allocation
==4423==    at 0x4C2CD8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4423==    by 0x4C2F195: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4423==    by 0x2C196B: xrealloc (wrapper.c:137)
==4423==    by 0x29A30B: strbuf_grow (strbuf.c:66)
==4423==    by 0x29A30B: strbuf_vaddf (strbuf.c:277)
==4423==    by 0x242F9F: mkpath (path.c:454)
==4423==    by 0x256CC7: refname_match (refs.c:364)
==4423==    by 0x26C181: count_refspec_match (remote.c:1015)
==4423==    by 0x26C181: match_explicit_lhs (remote.c:1126)
==4423==    by 0x26C181: check_push_refs (remote.c:1409)
==4423==    by 0x2ABB4D: transport_push (transport.c:870)
==4423==    by 0x186703: push_with_options (push.c:332)
==4423==    by 0x18746D: do_push (push.c:409)
==4423==    by 0x18746D: cmd_push (push.c:566)
==4423==    by 0x1183E0: run_builtin (git.c:352)
==4423==    by 0x11973E: handle_builtin (git.c:539)
==4423==    by 0x11973E: run_argv (git.c:593)
==4423==    by 0x11973E: main (git.c:698)
==4423==

Avoid this by using skip_prefix(), which knows not to go beyond the
end of the string.

Reported-by: Thomas Gummerer <t.gummerer@gmail.com>
Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-04 13:47:16 +09:00
Junio C Hamano
4010f1d1b7 Git 2.14.2
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:51:37 +09:00
Junio C Hamano
cef9271e01 Sync with 2.13.6
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:50:02 +09:00
Junio C Hamano
42e6fde5c2 Git 2.13.6
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:49:24 +09:00
Junio C Hamano
1df0306d9b Sync with 2.12.5
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:48:08 +09:00
Junio C Hamano
9752ad0bb7 Git 2.12.5
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:47:41 +09:00
Junio C Hamano
65c9d4bd7b Sync with 2.11.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:45:30 +09:00
Junio C Hamano
39aaab1099 Git 2.11.4
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:44:45 +09:00
Junio C Hamano
0a4986d951 Sync with 2.10.5
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:43:17 +09:00
Junio C Hamano
27dea4683b Git 2.10.5
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22 14:42:22 +09:00
Junio C Hamano
dca89d4e56 Merge branch 'jk/safe-pipe-capture' into maint-2.10 2017-09-22 14:34:34 +09:00
Junio C Hamano
6d6e2f812d Merge branch 'jk/cvsimport-quoting' into maint-2.10 2017-09-22 14:34:34 +09:00
Junio C Hamano
31add46823 Merge branch 'jc/cvsserver' into maint-2.10 2017-09-22 14:34:34 +09:00
Junio C Hamano
985f59c042 Merge branch 'jk/git-shell-drop-cvsserver' into maint-2.10 2017-09-22 14:34:34 +09:00
Jeff King
5b4efea666 cvsimport: shell-quote variable used in backticks
We run `git rev-parse` though the shell, and quote its
argument only with single-quotes. This prevents most
metacharacters from being a problem, but misses the obvious
case when $name itself has single-quotes in it. We can fix
this by applying the usual shell-quoting formula.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-12 11:10:22 +09:00
Jeff King
8d0fad0a7a archimport: use safe_pipe_capture for user input
Refnames can contain shell metacharacters which need to be
passed verbatim to sub-processes. Using safe_pipe_capture
skips the shell entirely.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-12 11:08:15 +09:00
Jeff King
9a42c03cb7 shell: drop git-cvsserver support by default
The git-cvsserver script is old and largely unmaintained
these days. But git-shell allows untrusted users to run it
out of the box, significantly increasing its attack surface.

Let's drop it from git-shell's list of internal handlers so
that it cannot be run by default.  This is not backwards
compatible. But given the age and development activity on
CVS-related parts of Git, this is likely to impact very few
users, while helping many more (i.e., anybody who runs
git-shell and had no intention of supporting CVS).

There's no configuration mechanism in git-shell for us to
add a boolean and flip it to "off". But there is a mechanism
for adding custom commands, and adding CVS support here is
fairly trivial. Let's document it to give guidance to
anybody who really is still running cvsserver.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-12 11:05:58 +09:00
Junio C Hamano
46203ac24d cvsserver: use safe_pipe_capture for constant commands as well
This is not strictly necessary, but it is a good code hygiene.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-11 14:52:29 +09:00
joernchen
27dd73871f cvsserver: use safe_pipe_capture instead of backticks
This makes the script pass arguments that are derived from end-user
input in safer way when invoking subcommands.

Reported-by: joernchen <joernchen@phenoelit.de>
Signed-off-by: joernchen <joernchen@phenoelit.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-11 14:52:29 +09:00
Junio C Hamano
fce13af5d2 cvsserver: move safe_pipe_capture() to the main package
As a preparation for replacing `command` with a call to this
function from outside GITCVS::updater package, move it to the main
package.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-11 14:52:29 +09:00
Junio C Hamano
94c9fd268d RelNotes: further fixes for 2.14.2 from the master front
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-10 17:06:09 +09:00
Junio C Hamano
60f4851bb2 Merge branch 'jt/doc-pack-objects-fix' into maint
Doc updates.

* jt/doc-pack-objects-fix:
  Doc: clarify that pack-objects makes packs, plural
2017-09-10 17:03:10 +09:00
Junio C Hamano
8134746d1d Merge branch 'jn/vcs-svn-cleanup' into maint
Code clean-up.

* jn/vcs-svn-cleanup:
  vcs-svn: move remaining repo_tree functions to fast_export.h
  vcs-svn: remove repo_delete wrapper function
  vcs-svn: remove custom mode constants
  vcs-svn: remove more unused prototypes and declarations
2017-09-10 17:03:09 +09:00
Junio C Hamano
044aa0eb7f Merge branch 'bc/vcs-svn-cleanup' into maint
Code clean-up.

* bc/vcs-svn-cleanup:
  vcs-svn: rename repo functions to "svn_repo"
  vcs-svn: remove unused prototypes
2017-09-10 17:03:08 +09:00
Junio C Hamano
5e03ae4594 Merge branch 'jk/doc-the-this' into maint
Doc clean-up.

* jk/doc-the-this:
  doc: fix typo in sendemail.identity
2017-09-10 17:03:07 +09:00
Junio C Hamano
02a19e9a48 Merge branch 'rs/commit-h-single-parent-cleanup' into maint
Code clean-up.

* rs/commit-h-single-parent-cleanup:
  commit: remove unused inline function single_parent()
2017-09-10 17:03:07 +09:00
Junio C Hamano
d2ef4bedf9 Merge branch 'mg/format-ref-doc-fix' into maint
Doc fix.

* mg/format-ref-doc-fix:
  Documentation/git-for-each-ref: clarify peeling of tags for --format
  Documentation: use proper wording for ref format strings
2017-09-10 17:03:06 +09:00
Junio C Hamano
95d25c412d Merge branch 'sb/submodule-parallel-update' into maint
Code clean-up.

* sb/submodule-parallel-update:
  submodule.sh: remove unused variable
2017-09-10 17:03:06 +09:00
Junio C Hamano
b3c2280960 Merge branch 'hv/t5526-andand-chain-fix' into maint
Test fix.

* hv/t5526-andand-chain-fix:
  t5526: fix some broken && chains
2017-09-10 17:03:05 +09:00
Junio C Hamano
f04f860dfa Merge branch 'sb/sha1-file-cleanup' into maint
Code clean-up.

* sb/sha1-file-cleanup:
  sha1_file: make read_info_alternates static
2017-09-10 17:03:04 +09:00
Junio C Hamano
1a8a328654 Merge branch 'rs/t1002-do-not-use-sum' into maint
Test simplification.

* rs/t1002-do-not-use-sum:
  t1002: stop using sum(1)
2017-09-10 17:03:04 +09:00
Junio C Hamano
b438722c06 Merge branch 'ah/doc-empty-string-is-false' into maint
Doc update.

* ah/doc-empty-string-is-false:
  doc: clarify "config --bool" behaviour with empty string
2017-09-10 17:03:03 +09:00
Junio C Hamano
afa6608b93 Merge branch 'rs/merge-microcleanup' into maint
Code clean-up.

* rs/merge-microcleanup:
  merge: use skip_prefix()
2017-09-10 17:03:02 +09:00
Junio C Hamano
c580ce194f Merge branch 'rs/find-pack-entry-bisection' into maint
Code clean-up.

* rs/find-pack-entry-bisection:
  sha1_file: avoid comparison if no packed hash matches the first byte
2017-09-10 17:03:02 +09:00
Junio C Hamano
c7759cd60a Merge branch 'rs/apply-lose-prefix-length' into maint
Code clean-up.

* rs/apply-lose-prefix-length:
  apply: remove prefix_length member from apply_state
2017-09-10 17:03:01 +09:00
Junio C Hamano
70def2c47f Merge branch 'rj/add-chmod-error-message' into maint
Message fix.

* rj/add-chmod-error-message:
  builtin/add: add detail to a 'cannot chmod' error message
2017-09-10 17:03:00 +09:00
Junio C Hamano
822a4d4178 Merge branch 'jk/hashcmp-memcmp' into maint
Code clean-up.

* jk/hashcmp-memcmp:
  hashcmp: use memcmp instead of open-coded loop
2017-09-10 17:02:59 +09:00
Junio C Hamano
f35a1d75b5 Merge branch 'rs/t3700-clean-leftover' into maint
A test fix.

* rs/t3700-clean-leftover:
  t3700: fix broken test under !POSIXPERM
2017-09-10 17:02:58 +09:00
Junio C Hamano
8f3d48e14e Merge branch 'jc/perl-git-comment-typofix' into maint
A comment fix.

* jc/perl-git-comment-typofix:
  perl/Git.pm: typofix in a comment
2017-09-10 17:02:57 +09:00
Junio C Hamano
036e1274a2 Merge branch 'mf/no-dashed-subcommands' into maint
Code clean-up.

* mf/no-dashed-subcommands:
  scripts: use "git foo" not "git-foo"
2017-09-10 17:02:56 +09:00
Junio C Hamano
1eb539a9b3 Merge branch 'ab/ref-filter-no-contains' into maint
A test fix.

* ab/ref-filter-no-contains:
  tests: don't give unportable ">" to "test" built-in, use -gt
2017-09-10 17:02:56 +09:00
Junio C Hamano
ea8bf00095 Merge branch 'rs/archive-excluded-directory' into maint
"git archive" did not work well with pathspecs and the
export-ignore attribute.

We may want to resurrect the "we don't archive an empty directory"
bonus patch, but I do not mind merging the above early to 'next'
and leave it as a separate follow-up enhancement.
cf. <20170820090629.tumvqwzkromcykjf@sigill.intra.peff.net>

* rs/archive-excluded-directory:
  archive: don't queue excluded directories
  archive: factor out helper functions for handling attributes
  t5001: add tests for export-ignore attributes and exclude pathspecs
2017-09-10 17:02:55 +09:00
Junio C Hamano
78ad09403c Merge branch 'mg/killed-merge' into maint
Killing "git merge --edit" before the editor returns control left
the repository in a state with MERGE_MSG but without MERGE_HEAD,
which incorrectly tells the subsequent "git commit" that there was
a squash merge in progress.  This has been fixed.

* mg/killed-merge:
  merge: save merge state earlier
  merge: split write_merge_state in two
  merge: clarify call chain
  Documentation/git-merge: explain --continue
2017-09-10 17:02:55 +09:00
Junio C Hamano
648a50a08a Merge branch 'tb/apply-with-crlf' into maint
"git apply" that is used as a better "patch -p1" failed to apply a
taken from a file with CRLF line endings to a file with CRLF line
endings.  The root cause was because it misused convert_to_git()
that tried to do "safe-crlf" processing by looking at the index
entry at the same path, which is a nonsense---in that mode, "apply"
is not working on the data in (or derived from) the index at all.
This has been fixed.

* tb/apply-with-crlf:
  apply: file commited with CRLF should roundtrip diff and apply
  convert: add SAFE_CRLF_KEEP_CRLF
2017-09-10 17:02:55 +09:00
Junio C Hamano
27015b4f95 Merge branch 'cc/subprocess-handshake-missing-capabilities' into maint
When handshake with a subprocess filter notices that the process
asked for an unknown capability, Git did not report what program
the offending subprocess was running.  This has been corrected.

We may want a follow-up fix to tighten the error checking, though.

* cc/subprocess-handshake-missing-capabilities:
  sub-process: print the cmd when a capability is unsupported
2017-09-10 17:02:55 +09:00
Junio C Hamano
f1b64e8e64 Merge branch 'as/grep-quiet-no-match-exit-code-fix' into maint
"git grep -L" and "git grep --quiet -L" reported different exit
codes; this has been corrected.

* as/grep-quiet-no-match-exit-code-fix:
  git-grep: correct exit code with --quiet and -L
2017-09-10 17:02:55 +09:00
Junio C Hamano
8388f986b6 Merge branch 'kd/stash-with-bash-4.4' into maint
bash 4.4 or newer gave a warning on NUL byte in command
substitution done in "git stash"; this has been squelched.

* kd/stash-with-bash-4.4:
  stash: prevent warning about null bytes in input
2017-09-10 17:02:54 +09:00
Junio C Hamano
fbded00b0d Merge branch 'rs/win32-syslog-leakfix' into maint
Memory leak in an error codepath has been plugged.

* rs/win32-syslog-leakfix:
  win32: plug memory leak on realloc() failure in syslog()
2017-09-10 17:02:54 +09:00
Junio C Hamano
438776e3d4 Merge branch 'rs/unpack-entry-leakfix' into maint
Memory leak in an error codepath has been plugged.

* rs/unpack-entry-leakfix:
  sha1_file: release delta_stack on error in unpack_entry()
2017-09-10 17:02:53 +09:00
Junio C Hamano
c3b931e162 Merge branch 'rs/fsck-obj-leakfix' into maint
Memory leak in an error codepath has been plugged.

* rs/fsck-obj-leakfix:
  fsck: free buffers on error in fsck_obj()
2017-09-10 17:02:53 +09:00