* [PATCH] Prevent users from adding the file that has all-zero SHA-1
@ 2011-09-17 11:39 Nguyễn Thái Ngọc Duy
2011-09-18 17:06 ` Mikael Magnusson
2011-09-20 6:25 ` Ramkumar Ramachandra
0 siblings, 2 replies; 5+ messages in thread
From: Nguyễn Thái Ngọc Duy @ 2011-09-17 11:39 UTC (permalink / raw)
To: git; +Cc: Nguyễn Thái Ngọc Duy
This particular SHA-1 has special meaning to git, very much like NULL
in C. If a user adds a file that has this SHA-1, unexpected things can
happen.
Granted, the chance is probably near zero because the content must
also start with valid blob header. But extra safety does not harm.
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
---
Another way than die() is to detect this situation and update header a
little to give different SHA-1 (for example a leading 0 in object
size in header). Older git versions may not be happy with such an
approach.
The same check can be added to commit, tree, tag creation and fsck.
Maybe I'm too paranoid.
By the way, are any other SHA-1s sensitive to git like this one?
sha1_file.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/sha1_file.c b/sha1_file.c
index 064a330..76be0dd 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2748,6 +2748,11 @@ int index_fd(unsigned char *sha1, int fd, struct stat *st,
else
ret = index_stream(sha1, fd, size, type, path, flags);
close(fd);
+ if (!ret && is_null_sha1(sha1))
+ die(_("You are very unluckly.\n"
+ "You cannot add '%s' because this particular SHA-1 is used internally by git.\n"
+ "Any chance you can modify this file just a little to give different SHA-1?"),
+ path);
return ret;
}
--
1.7.3.1.256.g2539c.dirty
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH] Prevent users from adding the file that has all-zero SHA-1
2011-09-17 11:39 [PATCH] Prevent users from adding the file that has all-zero SHA-1 Nguyễn Thái Ngọc Duy
@ 2011-09-18 17:06 ` Mikael Magnusson
2011-09-19 9:26 ` Nguyen Thai Ngoc Duy
2011-09-20 6:25 ` Ramkumar Ramachandra
1 sibling, 1 reply; 5+ messages in thread
From: Mikael Magnusson @ 2011-09-18 17:06 UTC (permalink / raw)
To: Nguyễn Thái Ngọc Duy; +Cc: git
2011/9/17 Nguyễn Thái Ngọc Duy <pclouds@gmail.com>:
> This particular SHA-1 has special meaning to git, very much like NULL
> in C. If a user adds a file that has this SHA-1, unexpected things can
> happen.
>
> Granted, the chance is probably near zero because the content must
> also start with valid blob header. But extra safety does not harm.
>
> Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
> ---
> Another way than die() is to detect this situation and update header a
> little to give different SHA-1 (for example a leading 0 in object
> size in header). Older git versions may not be happy with such an
> approach.
>
> The same check can be added to commit, tree, tag creation and fsck.
> Maybe I'm too paranoid.
>
> By the way, are any other SHA-1s sensitive to git like this one?
Bad things will happen if you get an object with the same hash as any
already existing one, and AFAIK, there are no checks for this. I don't
think there's much point in treating 000...0 more specially than
HEAD^0 for example. The only two hashes that mean something in an
empty repo I guess are this one and the empty tree hash though.
PS there's a typo in your error message, "unluckly".
--
Mikael Magnusson
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Prevent users from adding the file that has all-zero SHA-1
2011-09-17 11:39 [PATCH] Prevent users from adding the file that has all-zero SHA-1 Nguyễn Thái Ngọc Duy
2011-09-18 17:06 ` Mikael Magnusson
@ 2011-09-20 6:25 ` Ramkumar Ramachandra
2011-09-20 10:13 ` Nguyen Thai Ngoc Duy
1 sibling, 1 reply; 5+ messages in thread
From: Ramkumar Ramachandra @ 2011-09-20 6:25 UTC (permalink / raw)
To: Nguyễn Thái Ngọc Duy; +Cc: git
Hi Nguyễn,
Nguyễn Thái Ngọc Duy writes:
> This particular SHA-1 has special meaning to git, very much like NULL
> in C. If a user adds a file that has this SHA-1, unexpected things can
> happen.
> [...]
Interesting patch. Is it possible to write some sort of testcase?
-- Ram
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] Prevent users from adding the file that has all-zero SHA-1
2011-09-20 6:25 ` Ramkumar Ramachandra
@ 2011-09-20 10:13 ` Nguyen Thai Ngoc Duy
0 siblings, 0 replies; 5+ messages in thread
From: Nguyen Thai Ngoc Duy @ 2011-09-20 10:13 UTC (permalink / raw)
To: Ramkumar Ramachandra; +Cc: git
2011/9/20 Ramkumar Ramachandra <artagnon@gmail.com>:
> Hi Nguyễn,
>
> Nguyễn Thái Ngọc Duy writes:
>> This particular SHA-1 has special meaning to git, very much like NULL
>> in C. If a user adds a file that has this SHA-1, unexpected things can
>> happen.
>> [...]
>
> Interesting patch. Is it possible to write some sort of testcase?
Naah. I tested it by explicitly clear the result hash, just before it
gets to my changes, then do "git add <blah>".
--
Duy
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-09-20 10:13 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-17 11:39 [PATCH] Prevent users from adding the file that has all-zero SHA-1 Nguyễn Thái Ngọc Duy
2011-09-18 17:06 ` Mikael Magnusson
2011-09-19 9:26 ` Nguyen Thai Ngoc Duy
2011-09-20 6:25 ` Ramkumar Ramachandra
2011-09-20 10:13 ` Nguyen Thai Ngoc Duy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).