<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git, branch v2.32.5</title>
<subtitle>Fork of git SCM with my patches.</subtitle>
<id>http://git.kilabit.info/git/atom?h=v2.32.5</id>
<link rel='self' href='http://git.kilabit.info/git/atom?h=v2.32.5'/>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/'/>
<updated>2022-12-13T12:10:27Z</updated>
<entry>
<title>Git 2.32.5</title>
<updated>2022-12-13T12:10:27Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T12:10:27Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=d96ea538e8dd0fcf381089a3b09c0a9af3617351'/>
<id>urn:sha1:d96ea538e8dd0fcf381089a3b09c0a9af3617351</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'ps/attr-limits-with-fsck' into maint-2.32</title>
<updated>2022-12-13T12:09:56Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T12:09:56Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=32e357b6df4c686151d371da7c3ff56444227d9e'/>
<id>urn:sha1:32e357b6df4c686151d371da7c3ff56444227d9e</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Sync with Git 2.31.6</title>
<updated>2022-12-13T12:09:40Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T12:09:40Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=8a755eddf5bf256613bc584f32cd44401a25897c'/>
<id>urn:sha1:8a755eddf5bf256613bc584f32cd44401a25897c</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Git 2.31.6</title>
<updated>2022-12-13T12:04:03Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T12:04:03Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=82689d5e5d3f41da2ab1fbf9fbe7aacfd6da74c1'/>
<id>urn:sha1:82689d5e5d3f41da2ab1fbf9fbe7aacfd6da74c1</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>Sync with Git 2.30.7</title>
<updated>2022-12-13T12:02:20Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T12:02:20Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=16128765d70f1375bcde3f27f51f85492b176a59'/>
<id>urn:sha1:16128765d70f1375bcde3f27f51f85492b176a59</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Git 2.30.7</title>
<updated>2022-12-13T11:56:43Z</updated>
<author>
<name>Junio C Hamano</name>
<email>gitster@pobox.com</email>
</author>
<published>2022-12-13T11:56:43Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=b7b37a33711e64bf580ef3141878b12a36e28833'/>
<id>urn:sha1:b7b37a33711e64bf580ef3141878b12a36e28833</id>
<content type='text'>
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>fsck: implement checks for gitattributes</title>
<updated>2022-12-09T08:07:04Z</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2022-12-01T14:46:09Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=27ab4784d5c9e24345b9f5b443609cbe527c51f9'/>
<id>urn:sha1:27ab4784d5c9e24345b9f5b443609cbe527c51f9</id>
<content type='text'>
Recently, a vulnerability was reported that can lead to an out-of-bounds
write when reading an unreasonably large gitattributes file. The root
cause of this error is multiple integer overflows in different parts of
the code when there are either too many lines, when paths are too long,
when attribute names are too long, or when there are too many attributes
declared for a pattern.

As all of these are related to size, it seems reasonable to restrict the
size of the gitattributes file via git-fsck(1). This allows us to both
stop distributing known-vulnerable objects via common hosting platforms
that have fsck enabled, and users to protect themselves by enabling the
`fetch.fsckObjects` config.

There are basically two checks:

    1. We verify that the size of the gitattributes file is smaller than
       100MB.

    2. We verify that the maximum line length does not exceed 2048
       bytes.

With the preceding commits, both of these conditions would cause us to
either ignore the complete gitattributes file or blob in the first case,
or the specific line in the second case. Now with these consistency
checks added, we also grow the ability to stop distributing such files
in the first place when `receive.fsckObjects` is enabled.

Signed-off-by: Patrick Steinhardt &lt;ps@pks.im&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>fsck: move checks for gitattributes</title>
<updated>2022-12-09T08:05:00Z</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2022-12-01T14:46:05Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=f8587c31c96172aac547f83977c98fa8f0e2aa67'/>
<id>urn:sha1:f8587c31c96172aac547f83977c98fa8f0e2aa67</id>
<content type='text'>
Move the checks for gitattributes so that they can be extended more
readily.

Signed-off-by: Patrick Steinhardt &lt;ps@pks.im&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>fsck: pull out function to check a set of blobs</title>
<updated>2022-12-09T08:05:00Z</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2022-12-01T14:46:01Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=a59a8c687f18db2b4c54a9d0795f93c4df1f9703'/>
<id>urn:sha1:a59a8c687f18db2b4c54a9d0795f93c4df1f9703</id>
<content type='text'>
In `fsck_finish()` we check all blobs for consistency that we have found
during the tree walk, but that haven't yet been checked. This is only
required for gitmodules right now, but will also be required for a new
check for gitattributes.

Pull out a function `fsck_blobs()` that allows the caller to check a set
of blobs for consistency.

Signed-off-by: Patrick Steinhardt &lt;ps@pks.im&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>fsck: refactor `fsck_blob()` to allow for more checks</title>
<updated>2022-12-09T08:05:00Z</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2022-12-01T14:45:57Z</published>
<link rel='alternate' type='text/html' href='http://git.kilabit.info/git/commit/?id=bb3a9265e505e9593faa260860f9b8929af0963e'/>
<id>urn:sha1:bb3a9265e505e9593faa260860f9b8929af0963e</id>
<content type='text'>
In general, we don't need to validate blob contents as they are opaque
blobs whose content Git doesn't need to care about. There are some
exceptions though when blobs are linked into trees so that they would be
interpreted by Git. We only have a single such check right now though,
which is the one for gitmodules that has been added in the context of
CVE-2018-11235.

Now we have found another vulnerability with gitattributes that can lead
to out-of-bounds writes and reads. So let's refactor `fsck_blob()` so
that it is more extensible and can check different types of blobs.

Signed-off-by: Patrick Steinhardt &lt;ps@pks.im&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
