From: Jeff King <peff@peff.net>
To: "René Scharfe" <rene.scharfe@lsrfire.ath.cx>
Cc: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>,
"Elia Pinto" <gitter.spiros@gmail.com>,
git@vger.kernel.org, "Scott Chacon" <schacon@gmail.com>,
"Linus Torvalds" <torvalds@linux-foundation.org>
Subject: Re: When Will We See Collisions for SHA-1? (An interesting analysis by Bruce Schneier)
Date: Tue, 16 Oct 2012 13:32:54 -0400 [thread overview]
Message-ID: <20121016173254.GD27243@sigill.intra.peff.net> (raw)
In-Reply-To: <507D4651.6080207@lsrfire.ath.cx>
On Tue, Oct 16, 2012 at 01:34:41PM +0200, René Scharfe wrote:
> FWIW, I couldn't measure a performance difference for git log with and
> without the following patch, which catches commits created with your
> hash collision trick, but might be too strict:
>
> diff --git a/commit.c b/commit.c
> index 213bc98..4cd1e83 100644
> --- a/commit.c
> +++ b/commit.c
> @@ -262,6 +262,12 @@ int parse_commit_buffer(struct commit *item, const void *buffer, unsigned long s
> if (item->object.parsed)
> return 0;
> item->object.parsed = 1;
> +
> + if (memchr(buffer, '\0', size)) {
> + return error("bogus commit contains a NUL character: %s",
> + sha1_to_hex(item->object.sha1));
> + }
> +
Hmm. Yeah, that should be relatively inexpensive, since we are about to
read through most of the bytes anyway (we probably have just zlib
inflated them all, so they would even be in cache). It might make more
of a difference for a raw traversal that is not even going to look at
below the header, like rev-list or merge-base. But I couldn't measure a
difference doing "git rev-list HEAD >/dev/null" in either git.git or
linux-2.6.git.
So maybe it is worth doing preemptively. Even without security concerns,
we would be truncating the commit message, so it is probably better to
let the user know (a warning is probably more appropriate, though, just
in case somebody does have embedded NULs for historical reason).
-Peff
next prev parent reply other threads:[~2012-10-16 17:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-15 16:42 When Will We See Collisions for SHA-1? (An interesting analysis by Bruce Schneier) Elia Pinto
2012-10-15 17:47 ` Ævar Arnfjörð Bjarmason
2012-10-15 18:09 ` Elia Pinto
2012-10-15 18:34 ` Jeff King
2012-10-15 19:09 ` Elia Pinto
2012-10-15 19:14 ` Jeff King
2012-10-16 11:34 ` René Scharfe
2012-10-16 17:32 ` Jeff King [this message]
2012-10-16 17:58 ` Theodore Ts'o
2012-10-16 18:27 ` Jeff King
2012-10-16 18:32 ` david
2012-10-16 18:54 ` Jeff King
2012-10-16 20:09 ` Junio C Hamano
2012-10-17 8:05 ` Peter Todd
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121016173254.GD27243@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitter.spiros@gmail.com \
--cc=rene.scharfe@lsrfire.ath.cx \
--cc=schacon@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).