delta/libgit2.git/src/commit.c, branch v1.3.0 github.com: libgit2/libgit2.git commit: use GIT_ASSERT 2020-11-27T11:09:19+00:00 Edward Thomson ethomson@edwardthomson.com 2020-04-05T13:42:44+00:00 3b2153feb111409d820ed41a5cf8c72343866dfb 






Make type mismatch errors consistent
2020-01-15T16:58:59+00:00

Tobias Nießen
tniessen@tnie.de

2020-01-15T16:58:59+00:00

5e1b6eaff1f3d84146bd966dbd2b6b20ad70fab9












commit: verify objects exist in git_commit_with_signature
2019-10-30T19:39:03+00:00

Carlos Martín Nieto
carlosmn@github.com

2019-10-30T19:39:03+00:00

718f24ad9aaeb14a026216aca86035f7b5d58803

There can be a significant difference between the system where we created the
buffer (if at all) and when the caller provides us with the contents of a
commit.

Verify that the commit we are being asked to create references objects which do
exist in the target repository.





There can be a significant difference between the system where we created the
buffer (if at all) and when the caller provides us with the contents of a
commit.

Verify that the commit we are being asked to create references objects which do
exist in the target repository.







Merge pull request #4445 from tiennou/shallow/dry-commit-parsing
2019-10-03T10:55:48+00:00

Patrick Steinhardt
ps@pks.im

2019-10-03T10:55:48+00:00

f04a58b00c1a350e2cd90bddcdaa7865183c9d2f

DRY commit parsing




DRY commit parsing






commit: generic parse mechanism
2019-10-03T06:39:49+00:00

Etienne Samson
samson.etienne@gmail.com

2018-10-25T19:40:19+00:00

1c847a6a70449d18b6fec05fbe83189ba79129ff

This allows us to pick which data from a commit we're interested in.
This will be used by the revwalk code, which is only interested in
parents' and committer data.





This allows us to pick which data from a commit we're interested in.
This will be used by the revwalk code, which is only interested in
parents' and committer data.







fixup: strange indentation
2019-08-07T14:21:27+00:00

Tyler Ang-Wanek
tylerw@axosoft.com

2019-08-07T14:21:27+00:00

998f9c15fdca34bbfe6a3d92093afe9c7f886dcf












commit: git_commit_create_with_signature should support null signature
2019-07-02T16:56:19+00:00

Tyler Ang-Wanek
tylerw@axosoft.com

2019-07-02T16:53:49+00:00

759471056f1d9fe36dde447e0ce08ba3ce13a7be

If provided with a null signature, skip adding the signature header and create the commit anyway.





If provided with a null signature, skip adding the signature header and create the commit anyway.







git_error: use new names in internal APIs and usage
2019-01-22T22:30:35+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-12-27T19:47:34+00:00

f673e232afe22eb865cdc915e55a2df6493f0fbb

Move to the `git_error` name in the internal API for error-related
functions.





Move to the `git_error` name in the internal API for error-related
functions.







object_type: use new enumeration names
2018-12-01T11:54:57+00:00

Edward Thomson
ethomson@edwardthomson.com

2018-11-28T14:26:57+00:00

168fe39bea3368972a8b1a33d5908e73bc790c18

Use the new object_type enumeration names within the codebase.





Use the new object_type enumeration names within the codebase.







commit: fix out-of-bound reads when parsing truncated author fields
2018-11-21T10:01:30+00:00

Patrick Steinhardt
ps@pks.im

2018-11-21T09:54:29+00:00

cb23c3efd22d34db279ceb39cc312473761db5ed

While commit objects usually should have only one author field, our commit
parser actually handles the case where a commit has multiple author fields
because some tools that exist in the wild actually write them. Detection of
those additional author fields is done by using a simple `git__prefixcmp`,
checking whether the current line starts with the string "author ". In case
where we are handed a non-NUL-terminated string that ends directly after the
space, though, we may have an out-of-bounds read of one byte when trying to
compare the expected final NUL byte.

Fix the issue by using `git__prefixncmp` instead of `git_prefixcmp`.
Unfortunately, a test cannot be easily written to catch this case. While we
could test the last error message and verify that it didn't in fact fail parsing
a signature (because that would indicate that it has in fact tried to parse the
additional "author " field, which it shouldn't be able to detect in the first
place), this doesn't work as the next line needs to be the "committer" field,
which would error out with the same error message even if we hadn't done an
out-of-bounds read.

As objects read from the object database are always NUL terminated, this issue
cannot be triggered in normal code and thus it's not security critical.





While commit objects usually should have only one author field, our commit
parser actually handles the case where a commit has multiple author fields
because some tools that exist in the wild actually write them. Detection of
those additional author fields is done by using a simple `git__prefixcmp`,
checking whether the current line starts with the string "author ". In case
where we are handed a non-NUL-terminated string that ends directly after the
space, though, we may have an out-of-bounds read of one byte when trying to
compare the expected final NUL byte.

Fix the issue by using `git__prefixncmp` instead of `git_prefixcmp`.
Unfortunately, a test cannot be easily written to catch this case. While we
could test the last error message and verify that it didn't in fact fail parsing
a signature (because that would indicate that it has in fact tried to parse the
additional "author " field, which it shouldn't be able to detect in the first
place), this doesn't work as the next line needs to be the "committer" field,
which would error out with the same error message even if we hadn't done an
out-of-bounds read.

As objects read from the object database are always NUL terminated, this issue
cannot be triggered in normal code and thus it's not security critical.