summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-10-06sha1_loose_object_info: handle errors from unpack_sha1_restLibravatar Jeff King1-2/+6
When a caller of sha1_object_info_extended() sets the "contentp" field in object_info, we call unpack_sha1_rest() but do not check whether it signaled an error. This causes two problems: 1. We pass back NULL to the caller via the contentp field, but the function returns "0" for success. A caller might reasonably expect after a successful return that it can access contentp without a NULL check and segfault. As it happens, this is impossible to trigger in the current code. There is exactly one caller which uses contentp, read_object(). And the only thing it does after a successful call is to return the content pointer to its caller, using NULL as a sentinel for errors. So in effect it converts the success code from sha1_object_info_extended() back into an error! But this is still worth addressing avoid problems for future users of "contentp". 2. Callers of unpack_sha1_rest() are expected to close the zlib stream themselves on error. Which means that we're leaking the stream. The problem in (1) comes from from c84a1f3ed4 (sha1_file: refactor read_object, 2017-06-21), which added the contentp field. Before that, we called unpack_sha1_rest() via unpack_sha1_file(), which directly used the NULL to signal an error. But note that the leak in (2) is actually older than that. The original unpack_sha1_file() directly returned the result of unpack_sha1_rest() to its caller, when it should have been closing the zlib stream itself on error. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.14.2Libravatar Junio C Hamano1-0/+11
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.13.6Libravatar Junio C Hamano10-56/+172
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.13.6Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.12.5Libravatar Junio C Hamano9-56/+155
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.12.5Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.11.4Libravatar Junio C Hamano8-56/+138
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.11.4Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Sync with 2.10.5Libravatar Junio C Hamano7-56/+121
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Git 2.10.5Libravatar Junio C Hamano3-2/+19
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-22Merge branch 'jk/safe-pipe-capture' into maint-2.10Libravatar Junio C Hamano1-2/+2
2017-09-22Merge branch 'jk/cvsimport-quoting' into maint-2.10Libravatar Junio C Hamano1-0/+1
2017-09-22Merge branch 'jc/cvsserver' into maint-2.10Libravatar Junio C Hamano1-40/+37
2017-09-22Merge branch 'jk/git-shell-drop-cvsserver' into maint-2.10Libravatar Junio C Hamano3-14/+64
2017-09-12cvsimport: shell-quote variable used in backticksLibravatar Jeff King1-0/+1
We run `git rev-parse` though the shell, and quote its argument only with single-quotes. This prevents most metacharacters from being a problem, but misses the obvious case when $name itself has single-quotes in it. We can fix this by applying the usual shell-quoting formula. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-12archimport: use safe_pipe_capture for user inputLibravatar Jeff King1-2/+2
Refnames can contain shell metacharacters which need to be passed verbatim to sub-processes. Using safe_pipe_capture skips the shell entirely. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-12shell: drop git-cvsserver support by defaultLibravatar Jeff King3-14/+64
The git-cvsserver script is old and largely unmaintained these days. But git-shell allows untrusted users to run it out of the box, significantly increasing its attack surface. Let's drop it from git-shell's list of internal handlers so that it cannot be run by default. This is not backwards compatible. But given the age and development activity on CVS-related parts of Git, this is likely to impact very few users, while helping many more (i.e., anybody who runs git-shell and had no intention of supporting CVS). There's no configuration mechanism in git-shell for us to add a boolean and flip it to "off". But there is a mechanism for adding custom commands, and adding CVS support here is fairly trivial. Let's document it to give guidance to anybody who really is still running cvsserver. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-11cvsserver: use safe_pipe_capture for `constant commands` as wellLibravatar Junio C Hamano1-4/+4
This is not strictly necessary, but it is a good code hygiene. Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-11cvsserver: use safe_pipe_capture instead of backticksLibravatar joernchen1-11/+11
This makes the script pass arguments that are derived from end-user input in safer way when invoking subcommands. Reported-by: joernchen <joernchen@phenoelit.de> Signed-off-by: joernchen <joernchen@phenoelit.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-11cvsserver: move safe_pipe_capture() to the main packageLibravatar Junio C Hamano1-25/+22
As a preparation for replacing `command` with a call to this function from outside GITCVS::updater package, move it to the main package. Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-10RelNotes: further fixes for 2.14.2 from the master frontLibravatar Junio C Hamano1-0/+59
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-09-10Merge branch 'jt/doc-pack-objects-fix' into maintLibravatar Junio C Hamano1-6/+11
Doc updates. * jt/doc-pack-objects-fix: Doc: clarify that pack-objects makes packs, plural
2017-09-10Merge branch 'jn/vcs-svn-cleanup' into maintLibravatar Junio C Hamano6-86/+56
Code clean-up. * jn/vcs-svn-cleanup: vcs-svn: move remaining repo_tree functions to fast_export.h vcs-svn: remove repo_delete wrapper function vcs-svn: remove custom mode constants vcs-svn: remove more unused prototypes and declarations
2017-09-10Merge branch 'bc/vcs-svn-cleanup' into maintLibravatar Junio C Hamano3-17/+10
Code clean-up. * bc/vcs-svn-cleanup: vcs-svn: rename repo functions to "svn_repo" vcs-svn: remove unused prototypes
2017-09-10Merge branch 'jk/doc-the-this' into maintLibravatar Junio C Hamano1-2/+2
Doc clean-up. * jk/doc-the-this: doc: fix typo in sendemail.identity
2017-09-10Merge branch 'rs/commit-h-single-parent-cleanup' into maintLibravatar Junio C Hamano1-5/+0
Code clean-up. * rs/commit-h-single-parent-cleanup: commit: remove unused inline function single_parent()
2017-09-10Merge branch 'mg/format-ref-doc-fix' into maintLibravatar Junio C Hamano3-8/+9
Doc fix. * mg/format-ref-doc-fix: Documentation/git-for-each-ref: clarify peeling of tags for --format Documentation: use proper wording for ref format strings
2017-09-10Merge branch 'sb/submodule-parallel-update' into maintLibravatar Junio C Hamano1-1/+0
Code clean-up. * sb/submodule-parallel-update: submodule.sh: remove unused variable
2017-09-10Merge branch 'hv/t5526-andand-chain-fix' into maintLibravatar Junio C Hamano1-4/+4
Test fix. * hv/t5526-andand-chain-fix: t5526: fix some broken && chains
2017-09-10Merge branch 'sb/sha1-file-cleanup' into maintLibravatar Junio C Hamano2-2/+2
Code clean-up. * sb/sha1-file-cleanup: sha1_file: make read_info_alternates static
2017-09-10Merge branch 'rs/t1002-do-not-use-sum' into maintLibravatar Junio C Hamano2-35/+35
Test simplification. * rs/t1002-do-not-use-sum: t1002: stop using sum(1)
2017-09-10Merge branch 'ah/doc-empty-string-is-false' into maintLibravatar Junio C Hamano2-6/+7
Doc update. * ah/doc-empty-string-is-false: doc: clarify "config --bool" behaviour with empty string
2017-09-10Merge branch 'rs/merge-microcleanup' into maintLibravatar Junio C Hamano1-2/+2
Code clean-up. * rs/merge-microcleanup: merge: use skip_prefix()
2017-09-10Merge branch 'rs/find-pack-entry-bisection' into maintLibravatar Junio C Hamano1-2/+2
Code clean-up. * rs/find-pack-entry-bisection: sha1_file: avoid comparison if no packed hash matches the first byte
2017-09-10Merge branch 'rs/apply-lose-prefix-length' into maintLibravatar Junio C Hamano2-8/+5
Code clean-up. * rs/apply-lose-prefix-length: apply: remove prefix_length member from apply_state
2017-09-10Merge branch 'rj/add-chmod-error-message' into maintLibravatar Junio C Hamano1-3/+3
Message fix. * rj/add-chmod-error-message: builtin/add: add detail to a 'cannot chmod' error message
2017-09-10Merge branch 'jk/hashcmp-memcmp' into maintLibravatar Junio C Hamano1-8/+1
Code clean-up. * jk/hashcmp-memcmp: hashcmp: use memcmp instead of open-coded loop
2017-09-10Merge branch 'rs/t3700-clean-leftover' into maintLibravatar Junio C Hamano1-0/+1
A test fix. * rs/t3700-clean-leftover: t3700: fix broken test under !POSIXPERM
2017-09-10Merge branch 'jc/perl-git-comment-typofix' into maintLibravatar Junio C Hamano1-1/+1
A comment fix. * jc/perl-git-comment-typofix: perl/Git.pm: typofix in a comment
2017-09-10Merge branch 'mf/no-dashed-subcommands' into maintLibravatar Junio C Hamano5-10/+10
Code clean-up. * mf/no-dashed-subcommands: scripts: use "git foo" not "git-foo"
2017-09-10Merge branch 'ab/ref-filter-no-contains' into maintLibravatar Junio C Hamano1-1/+1
A test fix. * ab/ref-filter-no-contains: tests: don't give unportable ">" to "test" built-in, use -gt
2017-09-10Merge branch 'rs/archive-excluded-directory' into maintLibravatar Junio C Hamano2-11/+85
"git archive" did not work well with pathspecs and the export-ignore attribute. We may want to resurrect the "we don't archive an empty directory" bonus patch, but I do not mind merging the above early to 'next' and leave it as a separate follow-up enhancement. cf. <20170820090629.tumvqwzkromcykjf@sigill.intra.peff.net> * rs/archive-excluded-directory: archive: don't queue excluded directories archive: factor out helper functions for handling attributes t5001: add tests for export-ignore attributes and exclude pathspecs
2017-09-10Merge branch 'mg/killed-merge' into maintLibravatar Junio C Hamano3-4/+31
Killing "git merge --edit" before the editor returns control left the repository in a state with MERGE_MSG but without MERGE_HEAD, which incorrectly tells the subsequent "git commit" that there was a squash merge in progress. This has been fixed. * mg/killed-merge: merge: save merge state earlier merge: split write_merge_state in two merge: clarify call chain Documentation/git-merge: explain --continue
2017-09-10Merge branch 'tb/apply-with-crlf' into maintLibravatar Junio C Hamano4-16/+71
"git apply" that is used as a better "patch -p1" failed to apply a taken from a file with CRLF line endings to a file with CRLF line endings. The root cause was because it misused convert_to_git() that tried to do "safe-crlf" processing by looking at the index entry at the same path, which is a nonsense---in that mode, "apply" is not working on the data in (or derived from) the index at all. This has been fixed. * tb/apply-with-crlf: apply: file commited with CRLF should roundtrip diff and apply convert: add SAFE_CRLF_KEEP_CRLF
2017-09-10Merge branch 'cc/subprocess-handshake-missing-capabilities' into maintLibravatar Junio C Hamano1-2/+2
When handshake with a subprocess filter notices that the process asked for an unknown capability, Git did not report what program the offending subprocess was running. This has been corrected. We may want a follow-up fix to tighten the error checking, though. * cc/subprocess-handshake-missing-capabilities: sub-process: print the cmd when a capability is unsupported
2017-09-10Merge branch 'as/grep-quiet-no-match-exit-code-fix' into maintLibravatar Junio C Hamano2-1/+6
"git grep -L" and "git grep --quiet -L" reported different exit codes; this has been corrected. * as/grep-quiet-no-match-exit-code-fix: git-grep: correct exit code with --quiet and -L
2017-09-10Merge branch 'kd/stash-with-bash-4.4' into maintLibravatar Junio C Hamano1-2/+9
bash 4.4 or newer gave a warning on NUL byte in command substitution done in "git stash"; this has been squelched. * kd/stash-with-bash-4.4: stash: prevent warning about null bytes in input
2017-09-10Merge branch 'rs/win32-syslog-leakfix' into maintLibravatar Junio C Hamano1-0/+2
Memory leak in an error codepath has been plugged. * rs/win32-syslog-leakfix: win32: plug memory leak on realloc() failure in syslog()
2017-09-10Merge branch 'rs/unpack-entry-leakfix' into maintLibravatar Junio C Hamano1-2/+3
Memory leak in an error codepath has been plugged. * rs/unpack-entry-leakfix: sha1_file: release delta_stack on error in unpack_entry()
2017-09-10Merge branch 'rs/fsck-obj-leakfix' into maintLibravatar Junio C Hamano1-11/+11
Memory leak in an error codepath has been plugged. * rs/fsck-obj-leakfix: fsck: free buffers on error in fsck_obj()