[PATCH] Prevent users from adding the file that has all-zero SHA-1

[PATCH] Prevent users from adding the file that has all-zero SHA-1

[Nguyễn Thái Ngọc Duy]

This particular SHA-1 has special meaning to git, very much like NULL
in C. If a user adds a file that has this SHA-1, unexpected things can
happen.

Granted, the chance is probably near zero because the content must
also start with valid blob header. But extra safety does not harm.

Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
 Another way than die() is to detect this situation and update header a
 little to give different SHA-1 (for example a leading 0 in object
 size in header). Older git versions may not be happy with such an
 approach.

 The same check can be added to commit, tree, tag creation and fsck.
 Maybe I'm too paranoid.

 By the way, are any other SHA-1s sensitive to git like this one?

 sha1_file.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/sha1_file.c b/sha1_file.c
index 064a330..76be0dd 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2748,6 +2748,11 @@ int index_fd(unsigned char *sha1, int fd, struct stat *st,
 	else
 		ret = index_stream(sha1, fd, size, type, path, flags);
 	close(fd);
+	if (!ret && is_null_sha1(sha1))
+		die(_("You are very unluckly.\n"
+		      "You cannot add '%s' because this particular SHA-1 is used internally by git.\n"
+		      "Any chance you can modify this file just a little to give different SHA-1?"),
+		    path);
 	return ret;
 }
 
-- 
1.7.3.1.256.g2539c.dirty

Re: [PATCH] Prevent users from adding the file that has all-zero SHA-1

[Mikael Magnusson]

2011/9/17 Nguyễn Thái Ngọc Duy <pclouds@gmail.com>:
> This particular SHA-1 has special meaning to git, very much like NULL
> in C. If a user adds a file that has this SHA-1, unexpected things can
> happen.
>
> Granted, the chance is probably near zero because the content must
> also start with valid blob header. But extra safety does not harm.
>
> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
> ---
>  Another way than die() is to detect this situation and update header a
>  little to give different SHA-1 (for example a leading 0 in object
>  size in header). Older git versions may not be happy with such an
>  approach.
>
>  The same check can be added to commit, tree, tag creation and fsck.
>  Maybe I'm too paranoid.
>
>  By the way, are any other SHA-1s sensitive to git like this one?

Bad things will happen if you get an object with the same hash as any
already existing one, and AFAIK, there are no checks for this. I don't
think there's much point in treating 000...0 more specially than
HEAD^0 for example. The only two hashes that mean something in an
empty repo I guess are this one and the empty tree hash though.

PS there's a typo in your error message, "unluckly".

-- 
Mikael Magnusson

Re: [PATCH] Prevent users from adding the file that has all-zero SHA-1

[Nguyen Thai Ngoc Duy]

2011/9/19 Mikael Magnusson <mikachu@gmail.com>:
> Bad things will happen if you get an object with the same hash as any
> already existing one, and AFAIK, there are no checks for this.

Right. Forgot this, thanks.
-- 
Duy

Re: [PATCH] Prevent users from adding the file that has all-zero SHA-1

[Ramkumar Ramachandra]

Hi Nguyễn,

Nguyễn Thái Ngọc Duy writes:
> This particular SHA-1 has special meaning to git, very much like NULL
> in C. If a user adds a file that has this SHA-1, unexpected things can
> happen.
> [...]

Interesting patch.  Is it possible to write some sort of testcase?

-- Ram

Re: [PATCH] Prevent users from adding the file that has all-zero SHA-1

[Nguyen Thai Ngoc Duy]

2011/9/20 Ramkumar Ramachandra <artagnon@gmail.com>:
> Hi Nguyễn,
>
> Nguyễn Thái Ngọc Duy writes:
>> This particular SHA-1 has special meaning to git, very much like NULL
>> in C. If a user adds a file that has this SHA-1, unexpected things can
>> happen.
>> [...]
>
> Interesting patch.  Is it possible to write some sort of testcase?

Naah. I tested it by explicitly clear the result hash, just before it
gets to my changes, then do "git add <blah>".
-- 
Duy