We're currently running it as part of the online suite but that doesn't have any
setup for ssh so we won't find the GitHub keys we set up during the test.
It doesn't need the private key setup as we just want to make sure we see some
auth request from the server, but with the addition of hostkey checking we're
now seeing it fail when we skip these tests.
Currently just the one test needs it.
The ssh-rsa makes sure we're asking for the cipher we find in `known_hosts` as
that won't be the one selected by default. This will be relevant in later changes.
slide_hash knowingly reads (possibly) uninitialised memory, see comment
lower down about prev[n] potentially being garbage. In this case, the
result is never used - so we don't care about MSAN complaining about
this read.
By adding the no_sanitize("memory") attribute, clients of zlib won't
see this (unnecessary) error when building and running with
MemorySanitizer. An alternative approach is for clients to build zlib
with -fsanitize-ignorelist=... where the ignorelist contains something
like 'fun:slide_hash'. But that's more work and needs to be redone
for any and all CI systems running a given project with MSAN. Adding
this annotation to zlib's sources is overall more convenient - but
also won't affect non-MSAN builds.
This specific issue was found while running git's test suite, but has
also been reported by other clients, see e.g. #518.
In the ownership checks implemented for CVE-2022-24765, we disallowed
users to access their own repositories when running with `sudo`.
Examine the `SUDO_UID` environment variable and allow users running
with `sudo`. This matches git's behavior.
To match git's behavior with CVE 2022-29187, validate not only the
working directory, but also the gitdir and gitlink (if it exists). This
a follow up to CVE-2022-24765 that was fixed earlier.
Allow the user ownership to match if the file is owned by the admin
group and the user is in the admin group, even if the current process is
not running as administrator directly.
The file ownership concepts can reflect the actual file ownership, they
are not necessarily limited to mocking the interface. Rename them so
that they can be more broadly applicable.
Originally introduced in: 776a6a8e5f
This test case has recently been fixed in bdab22384c, but that fix will only last for a year. Next year the same problem will crop up and the test will need to be re-edited.
This is not ideal as
- This test case becomes an unnecessary burden for developers
- Downstream distros or even just users who want to build older versions of libgit2 are guaranteed to have this test fail
Furthermore, this test case is entirely unnecessary, as the functionality that was originally (see 776a6a8e5f) intended to be tested is well-covered by subsequent tests which specify a date instead of a "x ago" specification.
This fixes a crash in test cases
test_diff_parse__new_file_with_space_and_regenerate_patch
and
test_diff_parse__delete_file_with_space_and_regenerate_patch
There was a missing check to ensure that the `off64_t` (which is a
signed value) didn't overflow when parsing it from the midx file. This
shouldn't have huge repercusions since the parsed value is immediately
validated afterwards, but then again, there is no such thing as "benign"
undefined behavior.
This change makes all the bitwise arithmetic happen with unsigned types
and is only casted to `off64_t` until the very end.
Thanks to Taotao Gu for finding and reporting this!
Obey the `safe.directory` configuration variable if it is set in the
global or system configuration. (Do not try to load this from the
repository configuration - to avoid malicious repositories that then
mark themselves as safe.)
Ensure that the repository directory is owned by the current user; this
prevents us from opening configuration files that may have been created
by an attacker.
Allow for no Git for Windows installation. When there is no GfW found
in the path or registry, `git_win32__find_system_dirs` would return a
`GIT_ENOTFOUND`. Callers were not expecting this. Since this is no
error, we simply return `0` so that callers can move on with their
lives.
We use `git_error_set_after_callback_function` to determine whether
`update_tips` returned an error but do not store its return value making us
think it always returns 0.
Fix it by adding the common patter of storing it inside the `if` when calling it.
We've added a lovely abstraction layer in xdiff so that it can call our
allocation functions. But it also needs to call our free functions. We
missed some `free` calls in `xmerge.c`. Update them to use `xdl_free`.
Without this, we will pass a pointer allocated with a custom allocator
to the system free function. 💣
