Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Remove GIT_PKT_PACK entirely #4704

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 19, 2018
Merged

Remove GIT_PKT_PACK entirely #4704

merged 5 commits into from
Jul 19, 2018

Conversation

nelhage
Copy link
Contributor

@nelhage nelhage commented Jun 26, 2018
edited
Loading

This is a heavier-handed alternative to #4694

git_pkt_pack/GIT_PKT_PACK are, as best I can tell, never used by any client of the pack APIs. Futhermore, they are incredibly dangerous; Because https://github.com/libgit2/libgit2/blob/master/src/transports/smart_pkt.c#L419-L423 does not advance out, any client is required to check for GIT_PKT_PACK and bail out, or else go into an infinite loop calling git_pkt_parse_line to get a new packet, which will from that point forward always return a GIT_PKT_PACK.

My fuzzer has found at least two callers that can be forced into an infinite loop via a misplaced PACK, and I suspect there are more.

@ethomson
Copy link
Member

This seems reasonable to me, but getting 👀 on it by @carlosmn would be nice.

ethomson
ethomson reviewed Jun 27, 2018
View reviewed changes
src/transports/smart_pkt.c Outdated
}

return (int)len;
return GIT_ERROR;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should set an error message here, perhaps:

giterr_set(GITERR_NET, "unexpected pack file");
return -1;

(We usually do return -1 instead of return GIT_ERROR out of convention. I'd like to keep that moving forward.)

@nelhage nelhage mentioned this pull request Jul 10, 2018
Merged
@pks-t
Copy link
Member

pks-t commented Jul 13, 2018

Looks good to me. @ethomson, any further comments on this?

carlosmn
carlosmn approved these changes Jul 15, 2018
View reviewed changes
Copy link
Member

@carlosmn carlosmn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine other than the place-holder value.

src/transports/smart.h Outdated
@@ -40,7 +40,7 @@ typedef enum {
GIT_PKT_HAVE,
GIT_PKT_ACK,
GIT_PKT_NAK,
GIT_PKT_PACK,
GIT_PKT_PACK__UNUSED,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a private struct, we don't need place-holders for deleted values.

@nelhage
Copy link
Contributor Author

nelhage commented Jul 16, 2018

@carlosmn Thanks, removed the placeholder.

@pks-t pks-t merged commit fa401a3 into libgit2:master Jul 19, 2018
@pks-t
Copy link
Member

pks-t commented Jul 19, 2018

Thanks @nelhage!

@snyk-bot snyk-bot mentioned this pull request Feb 23, 2020
Open
@snyk-bot snyk-bot mentioned this pull request Apr 22, 2020
Open
@snyk-bot snyk-bot mentioned this pull request May 5, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ethomson ethomson ethomson left review comments

@carlosmn carlosmn carlosmn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nelhage @ethomson @pks-t @carlosmn