10000 Comparing v1.6.4...maint/v1.6 · libgit2/libgit2 · GitHub
[go: up one dir, main page]
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: libgit2/libgit2
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.6.4
Choose a base ref
...
head repository: libgit2/libgit2
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: maint/v1.6
Choose a head ref
  • 6 commits
  • 8 files changed
  • 1 contributor

Commits on Jan 12, 2024

  1. transport: safely handle messages with no caps 

    If there are no caps, don't try to advance past the first NULL to look
for object-format. This prevents a possible out-of-bounds read.
    @ethomson
    ethomson committed Jan 12, 2024
    Configuration menu
    Copy the full SHA
    1619a0a View commit details
    Browse the repository at this point in the history

  2. revparse: fix parsing bug for trailing @ 

    When parsing a revspec that ends with a trailing `@`, explicitly stop
parsing. Introduce a sentinel variable to explicitly stop parsing.

Prior to this, we would set `spec` to `HEAD`, but were looping on the
value of `spec[pos]`, so we would continue walking the (new) `spec`
at offset `pos`, looking for a NUL. This is obviously an out-of-bounds
read.

Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
    @ethomson
    ethomson committed Jan 12, 2024
    Configuration menu
    Copy the full SHA
    c9d31b7 View commit details
    Browse the repository at this point in the history

  3. index: test adding two identical slash-prefix paths 

    Ensure that we can `git_index_add` a slash-prefixed path, followed by
re-adding the same path. The original entry should be replaced by the
new entry.
    @ethomson
    ethomson committed Jan 12, 2024
    Configuration menu
    Copy the full SHA
    05cf155 View commit details
    Browse the repository at this point in the history

  4. index: correct index has_dir_name check 

    `has_dir_name` is used to check for directory/file collisions,
and attempts to determine whether the index contains a file with
a directory name that is a proper subset of the new index entry
that we're trying to add.

To determine directory name, the function would walk the path string
backwards to identify a `/`, stopping at the end of the string. However,
the function assumed that the strings did not start with a `/`. If the
paths contain only a single `/` at the beginning of the string, then the
function would continue the loop, erroneously, when they should have
stopped at the first character.

Correct the order of the tests to terminate properly.

Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
    @ethomson
    ethomson committed Jan 12, 2024
    Configuration menu
    Copy the full SHA
    eb4c171 View commit details
    Browse the repository at this point in the history

  5. v1.6.5: add changelog

    @ethomson
    ethomson committed Jan 12, 2024
    Configuration menu
    Copy the full SHA
    a8a98be View commit details
    Browse the repository at this point in the history

  6. v1.6.5: update version numbers

    @ethomson
    ethomson committed Jan 12, 2024
    Configuration menu
    Copy the full SHA
    1555785 View commit details
    Browse the repository at this point in the history
Loading
0