Re: Segmentation fault found while fuzzing .pack file under 2.7.0.rc3

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jacek Wielemborek <d33tah@gmail.com>
To: Jonathan Nieder <jrnieder@gmail.com>, Jeff King <peff@peff.net>
Cc: git@vger.kernel.org
Subject: Re: Segmentation fault found while fuzzing .pack file under 2.7.0.rc3
Date: Wed, 6 Jan 2016 10:27:33 +0100	[thread overview]
Message-ID: <568CDE05.5040602@gmail.com> (raw)
In-Reply-To: <20160106002333.GA16090@google.com>

[-- Attachment #1: Type: text/plain, Size: 983 bytes --]

W dniu 06.01.2016 o 01:23, Jonathan Nieder pisze:
> Jeff King wrote:
> 
>> Git packfiles come from two places:
>>
>>   1. Local maintenance repacks loose and already-packed objects into a
>>      new packfile. We trust the local repack process to generate a valid
>>      packfile (though the contents of individual objects may be
>>      untrusted, of course).
> 
> I think we should reconsider such trust.  If one user creates a
> malicious pack, if another user uses read-only git commands to access
> the repository (after inspecting .git/config to make sure it doesn't
> contain anything scary) the result should not be arbitrary code
> execution.
> 
> Producing bogus output or aborting is okay; arbitrary code execution
> less so.
> 
> Thanks,
> Jonathan

I'd be happy to help you go through the fuzzing process - I don't have
enough horsepower and codebase knowledge to do it on my own though. If
you have an afl-fuzz question though, let me know.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

next prev parent reply	other threads:[~2016-01-06  9:27 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-05 13:44 Segmentation fault found while fuzzing .pack file under 2.7.0.rc3 Jacek Wielemborek
2016-01-05 15:24 ` Jeff King
2016-01-06  0:23   ` Jonathan Nieder
2016-01-06  7:23     ` Jeff King
2016-01-06  9:27     ` Jacek Wielemborek [this message]
2016-01-06  9:46   ` Duy Nguyen
2016-01-06 12:51     ` Jacek Wielemborek
2016-01-07 19:37   ` Junio C Hamano
2016-01-07 22:54     ` Junio C Hamano
2016-01-11 21:33       ` Jeff King
2016-02-24 11:05       ` Jeff King
2016-02-24 18:48         ` Junio C Hamano
2016-02-25 14:12           ` Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=568CDE05.5040602@gmail.com \
    --to=d33tah@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=jrnieder@gmail.com \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.