From: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
To: git@vger.kernel.org, Shawn Pearce <spearce@spearce.org>,
Junio C Hamano <gitster@pobox.com>
Cc: "Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>
Subject: [PATCH] fetch-pack: check for valid commit from server
Date: Fri, 19 Aug 2011 22:11:33 +0700 [thread overview]
Message-ID: <1313766693-20798-1-git-send-email-pclouds@gmail.com> (raw)
In-Reply-To: <1313674563-12755-1-git-send-email-pclouds@gmail.com>
A malicious server can return ACK with non-existent SHA-1 or not a
commit. lookup_commit() in this case may return NULL. Do not let
fetch-pack crash by accessing NULL address in this case.
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
2011/8/19 Shawn Pearce <spearce@spearce.org>:
> 2011/8/18 Nguyễn Thái Ngọc Duy <pclouds@gmail.com>:
>> However it raises another question, what if the other end returns a
>> valid commit, but not the one in "have" line fetch-pack sent? Are we
>> OK with that?
>
> Not really. The server is not supposed to return a SHA-1 in the ACK
> line unless the client said it first in a have line. So aborting with
> an error is reasonable thing for a client to do.
I assumed I could check result_sha1 against sha1. If it did not match,
fetch-pack would abort. But I was wrong because fetch-pack would send
a few have lines before receiving the first ack (which carries sha1
of some 'have' line in the middle, not the last 'have'). I'd leave it
here if anyone wants to tackle it.
builtin/fetch-pack.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/builtin/fetch-pack.c b/builtin/fetch-pack.c
index 4367984..561f1a3 100644
--- a/builtin/fetch-pack.c
+++ b/builtin/fetch-pack.c
@@ -395,6 +395,9 @@ static int find_common(int fd[2], unsigned char *result_sha1,
case ACK_continue: {
struct commit *commit =
lookup_commit(result_sha1);
+ if (!commit)
+ die("server ACK contained unknown commit %s",
+ sha1_to_hex(result_sha1));
if (args.stateless_rpc
&& ack == ACK_common
&& !(commit->object.flags & COMMON)) {
--
1.7.4.74.g639db
next prev parent reply other threads:[~2011-08-19 15:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-18 13:36 [PATCH] fetch-pack: check for valid commit from server Nguyễn Thái Ngọc Duy
2011-08-18 21:32 ` Shawn Pearce
2011-08-19 4:19 ` Nguyen Thai Ngoc Duy
2011-08-19 15:11 ` Nguyễn Thái Ngọc Duy [this message]
2011-08-19 20:18 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1313766693-20798-1-git-send-email-pclouds@gmail.com \
--to=pclouds@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).