rugged 0.24.0b13 → 0.24.0b14

data/vendor/libgit2/src/index.h

@@ -92,7 +92,7 @@ GIT_INLINE(bool) git_index_entry_newer_than_index(
 
 	/* If the timestamp is the same or newer than the index, it's racy */
 #if defined(GIT_USE_NSEC)
-	if ((int32_t)index->stamp.tv_sec < entry->mtime.seconds)
+	if ((int32_t)index->stamp.mtime.tv_sec < entry->mtime.seconds)
 		return true;
 	else if ((int32_t)index->stamp.mtime.tv_sec > entry->mtime.seconds)
 		return false;

data/vendor/libgit2/src/iterator.c

@@ -558,6 +558,8 @@ static bool tree_iterator__pop_frame(tree_iterator *ti, bool final)
 {
 	tree_iterator_frame *tf = ti->head;
 
+	assert(tf);
+
 	if (!tf->up)
 		return false;
 
@@ -581,6 +583,8 @@ static void tree_iterator__pop_all(tree_iterator *ti, bool to_end, bool final)
 	while (tree_iterator__pop_frame(ti, final)) /* pop to root */;
 
 	if (!final) {
+		assert(ti->head);
+
 		ti->head->current = to_end ? ti->head->n_entries : 0;
 		ti->path_ambiguities = 0;
 		git_buf_clear(&ti->path);
@@ -773,10 +777,12 @@ static void tree_iterator__free(git_iterator *self)
 {
 	tree_iterator *ti = (tree_iterator *)self;
 
-	tree_iterator__pop_all(ti, true, false);
+	if (ti->head) {
+		tree_iterator__pop_all(ti, true, false);
+		git_tree_free(ti->head->entries[0]->tree);
+		git__free(ti->head);
+	}
 
-	git_tree_free(ti->head->entries[0]->tree);
-	git__free(ti->head);
 	git_pool_clear(&ti->pool);
 	git_buf_free(&ti->path);
 }

data/vendor/libgit2/src/netops.c

@@ -261,6 +261,10 @@ int gitno_extract_url_parts(
 		*path = git__substrdup(_path, u.field_data[UF_PATH].len);
 		GITERR_CHECK_ALLOC(*path);
 	} else {
+		git__free(*port);
+		*port = NULL;
+		git__free(*host);
+		*host = NULL;
 		giterr_set(GITERR_NET, "invalid url, missing path");
 		return GIT_EINVALIDSPEC;
 	}

data/vendor/libgit2/src/object.c

@@ -14,6 +14,8 @@
 #include "blob.h"
 #include "tag.h"
 
+bool git_object__strict_input_validation = true;
+
 typedef struct {
 	const char	*str;	/* type name string */
 	size_t		size;	/* size in bytes of the object structure */
@@ -465,3 +467,27 @@ int git_object_short_id(git_buf *out, const git_object *obj)
 	return error;
 }
 
+bool git_object__is_valid(
+	git_repository *repo, const git_oid *id, git_otype expected_type)
+{
+	git_odb *odb;
+	git_otype actual_type;
+	size_t len;
+	int error;
+
+	if (!git_object__strict_input_validation)
+		return true;
+
+	if ((error = git_repository_odb__weakptr(&odb, repo)) < 0 ||
+		(error = git_odb_read_header(&len, &actual_type, odb, id)) < 0)
+		return false;
+
+	if (expected_type != GIT_OBJ_ANY && expected_type != actual_type) {
+		giterr_set(GITERR_INVALID,
+			"the requested type does not match the type in the ODB");
+		return false;
+	}
+
+	return true;
+}
+

data/vendor/libgit2/src/object.h

@@ -7,6 +7,10 @@
 #ifndef INCLUDE_object_h__
 #define INCLUDE_object_h__
 
+#include "repository.h"
+
+extern bool git_object__strict_input_validation;
+
 /** Base git object for inheritance */
 struct git_object {
 	git_cached_obj cached;
@@ -28,4 +32,23 @@ int git_oid__parse(git_oid *oid, const char **buffer_out, const char *buffer_end
 
 void git_oid__writebuf(git_buf *buf, const char *header, const git_oid *oid);
 
+bool git_object__is_valid(
+	git_repository *repo, const git_oid *id, git_otype expected_type);
+
+GIT_INLINE(git_otype) git_object__type_from_filemode(git_filemode_t mode)
+{
+	switch (mode) {
+	case GIT_FILEMODE_TREE:
+		return GIT_OBJ_TREE;
+	case GIT_FILEMODE_COMMIT:
+		return GIT_OBJ_COMMIT;
+	case GIT_FILEMODE_BLOB:
+	case GIT_FILEMODE_BLOB_EXECUTABLE:
+	case GIT_FILEMODE_LINK:
+		return GIT_OBJ_BLOB;
+	default:
+		return GIT_OBJ_BAD;
+	}
+}
+
 #endif

data/vendor/libgit2/src/openssl_stream.c

@@ -15,6 +15,7 @@
 #include "socket_stream.h"
 #include "netops.h"
 #include "git2/transport.h"
+#include "git2/sys/openssl.h"
 
 #ifdef GIT_CURL
 # include "curl_stream.h"
@@ -31,6 +32,115 @@
 #include <openssl/x509v3.h>
 #include <openssl/bio.h>
 
+SSL_CTX *git__ssl_ctx;
+
+#ifdef GIT_THREADS
+
+static git_mutex *openssl_locks;
+
+static void openssl_locking_function(
+	int mode, int n, const char *file, int line)
+{
+	int lock;
+
+	GIT_UNUSED(file);
+	GIT_UNUSED(line);
+
+	lock = mode & CRYPTO_LOCK;
+
+	if (lock) {
+		git_mutex_lock(&openssl_locks[n]);
+	} else {
+		git_mutex_unlock(&openssl_locks[n]);
+	}
+}
+
+static void shutdown_ssl_locking(void)
+{
+	int num_locks, i;
+
+	num_locks = CRYPTO_num_locks();
+	CRYPTO_set_locking_callback(NULL);
+
+	for (i = 0; i < num_locks; ++i)
+		git_mutex_free(openssl_locks);
+	git__free(openssl_locks);
+}
+
+#endif /* GIT_THREADS */
+
+/**
+ * This function aims to clean-up the SSL context which
+ * we allocated.
+ */
+static void shutdown_ssl(void)
+{
+	if (git__ssl_ctx) {
+		SSL_CTX_free(git__ssl_ctx);
+		git__ssl_ctx = NULL;
+	}
+}
+
+int git_openssl_stream_global_init(void)
+{
+#ifdef GIT_OPENSSL
+	long ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+
+	/* Older OpenSSL and MacOS OpenSSL doesn't have this */
+#ifdef SSL_OP_NO_COMPRESSION
+	ssl_opts |= SSL_OP_NO_COMPRESSION;
+#endif
+
+	SSL_load_error_strings();
+	OpenSSL_add_ssl_algorithms();
+	/*
+	 * Load SSLv{2,3} and TLSv1 so that we can talk with servers
+	 * which use the SSL hellos, which are often used for
+	 * compatibility. We then disable SSL so we only allow OpenSSL
+	 * to speak TLSv1 to perform the encryption itself.
+	 */
+	git__ssl_ctx = SSL_CTX_new(SSLv23_method());
+	SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
+	SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
+	SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
+	if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
+		SSL_CTX_free(git__ssl_ctx);
+		git__ssl_ctx = NULL;
+		return -1;
+	}
+#endif
+
+	git__on_shutdown(shutdown_ssl);
+
+	return 0;
+}
+
+int git_openssl_set_locking(void)
+{
+#ifdef GIT_THREADS
+	int num_locks, i;
+
+	num_locks = CRYPTO_num_locks();
+	openssl_locks = git__calloc(num_locks, sizeof(git_mutex));
+	GITERR_CHECK_ALLOC(openssl_locks);
+
+	for (i = 0; i < num_locks; i++) {
+		if (git_mutex_init(&openssl_locks[i]) != 0) {
+			giterr_set(GITERR_SSL, "failed to initialize openssl locks");
+			return -1;
+		}
+	}
+
+	CRYPTO_set_locking_callback(openssl_locking_function);
+	git__on_shutdown(shutdown_ssl_locking);
+	return 0;
+#else
+	giterr_set(GITERR_THREAD, "libgit2 as not built with threads");
+	return -1;
+#endif
+}
+
+
 static int bio_create(BIO *b)
 {
 	b->init = 1;
@@ -158,7 +268,6 @@ static int ssl_teardown(SSL *ssl)
 	else
 		ret = 0;
 
-	SSL_free(ssl);
 	return ret;
 }
 
@@ -274,6 +383,8 @@ static int verify_server_cert(SSL *ssl, const char *host)
 			GITERR_CHECK_ALLOC(peer_cn);
 			memcpy(peer_cn, ASN1_STRING_data(str), size);
 			peer_cn[size] = '\0';
+		} else {
+			goto cert_fail_name;
 		}
 	} else {
 		int size = ASN1_STRING_to_UTF8(&peer_cn, str);
@@ -421,6 +532,7 @@ void openssl_free(git_stream *stream)
 {
 	openssl_stream *st = (openssl_stream *) stream;
 
+	SSL_free(st->ssl);
 	git__free(st->host);
 	git__free(st->cert_info.data);
 	git_stream_free(st->io);
@@ -435,6 +547,7 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
 	st = git__calloc(1, sizeof(openssl_stream));
 	GITERR_CHECK_ALLOC(st);
 
+	st->io = NULL;
 #ifdef GIT_CURL
 	error = git_curl_stream_new(&st->io, host, port);
 #else
@@ -442,12 +555,13 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
 #endif
 
 	if (error < 0)
-		return error;
+		goto out_err;
 
 	st->ssl = SSL_new(git__ssl_ctx);
 	if (st->ssl == NULL) {
 		giterr_set(GITERR_SSL, "failed to create ssl object");
-		return -1;
+		error = -1;
+		goto out_err;
 	}
 
 	st->host = git__strdup(host);
@@ -466,11 +580,29 @@ int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
 
 	*out = (git_stream *) st;
 	return 0;
+
+out_err:
+	git_stream_free(st->io);
+	git__free(st);
+
+	return error;
 }
 
 #else
 
 #include "stream.h"
+#include "git2/sys/openssl.h"
+
+int git_openssl_stream_global_init(void)
+{
+	return 0;
+}
+
+int git_openssl_set_locking(void)
+{
+	giterr_set(GITERR_SSL, "libgit2 was not built with OpenSSL support");
+	return -1;
+}
 
 int git_openssl_stream_new(git_stream **out, const char *host, const char *port)
 {

data/vendor/libgit2/src/openssl_stream.h

@@ -9,6 +9,8 @@
 
 #include "git2/sys/stream.h"
 
+extern int git_openssl_stream_global_init(void);
+
 extern int git_openssl_stream_new(git_stream **out, const char *host, const char *port);
 
 #endif

data/vendor/libgit2/src/pack-objects.c

@@ -629,10 +629,8 @@ static int write_pack(git_packbuilder *pb,
 	int error = 0;
 
 	write_order = compute_write_order(pb);
-	if (write_order == NULL) {
-		error = -1;
-		goto done;
-	}
+	if (write_order == NULL)
+		return -1;
 
 	/* Write pack header */
 	ph.hdr_signature = htonl(PACK_SIGNATURE);
@@ -850,9 +848,11 @@ static int try_delta(git_packbuilder *pb, struct unpacked *trg,
 
 		git_packbuilder__cache_unlock(pb);
 
-		if (overflow ||
-			!(trg_object->delta_data = git__realloc(delta_buf, delta_size)))
+		if (overflow)
 			return -1;
+
+		trg_object->delta_data = git__realloc(delta_buf, delta_size);
+		GITERR_CHECK_ALLOC(trg_object->delta_data);
 	} else {
 		/* create delta when writing the pack */
 		git_packbuilder__cache_unlock(pb);

data/vendor/libgit2/src/pack.c

@@ -365,9 +365,14 @@ static unsigned char *pack_window_open(
 	 * pointless to ask for an offset into the middle of that
 	 * hash, and the pack_window_contains function above wouldn't match
 	 * don't allow an offset too close to the end of the file.
+	 *
+	 * Don't allow a negative offset, as that means we've wrapped
+	 * around.
 	 */
 	if (offset > (p->mwf.size - 20))
 		return NULL;
+	if (offset < 0)
+		return NULL;
 
 	return git_mwindow_open(&p->mwf, w_cursor, offset, 20, left);
  }
@@ -1175,6 +1180,7 @@ int git_packfile_alloc(struct git_pack_file **pack_out, const char *path)
 static git_off_t nth_packed_object_offset(const struct git_pack_file *p, uint32_t n)
 {
 	const unsigned char *index = p->index_map.data;
+	const unsigned char *end = index + p->index_map.len;
 	index += 4 * 256;
 	if (p->index_version == 1) {
 		return ntohl(*((uint32_t *)(index + 24 * n)));
@@ -1185,6 +1191,11 @@ static git_off_t nth_packed_object_offset(const struct git_pack_file *p, uint32_
 		if (!(off & 0x80000000))
 			return off;
 		index += p->num_objects * 4 + (off & 0x7fffffff) * 8;
+
+		/* Make sure we're not being sent out of bounds */
+		if (index >= end - 8)
+			return -1;
+
 		return (((uint64_t)ntohl(*((uint32_t *)(index + 0)))) << 32) |
 					ntohl(*((uint32_t *)(index + 4)));
 	}
@@ -1264,6 +1275,7 @@ static int pack_entry_find_offset(
 	const unsigned char *index = p->index_map.data;
 	unsigned hi, lo, stride;
 	int pos, found = 0;
+	git_off_t offset;
 	const unsigned char *current = 0;
 
 	*offset_out = 0;
@@ -1336,7 +1348,12 @@ static int pack_entry_find_offset(
 	if (found > 1)
 		return git_odb__error_ambiguous("found multiple offsets for pack entry");
 
-	*offset_out = nth_packed_object_offset(p, pos);
+	if ((offset = nth_packed_object_offset(p, pos)) < 0) {
+		giterr_set(GITERR_ODB, "packfile index is corrupt");
+		return -1;
+	}
+
+	*offset_out = offset;
 	git_oid_fromraw(found_oid, current);
 
 #ifdef INDEX_DEBUG_LOOKUP

data/vendor/libgit2/src/path.c

@@ -705,8 +705,7 @@ int git_path_resolve_relative(git_buf *path, size_t ceiling)
 	char *base, *to, *from, *next;
 	size_t len;
 
-	if (!path || git_buf_oom(path))
-		return -1;
+	GITERR_CHECK_ALLOC_BUF(path);
 
 	if (ceiling > path->size)
 		ceiling = path->size;
@@ -1630,9 +1629,12 @@ static bool verify_component(
 		!verify_dotgit_ntfs(repo, component, len))
 		return false;
 
+	/* don't bother rerunning the `.git` test if we ran the HFS or NTFS
+	 * specific tests, they would have already rejected `.git`.
+	 */
 	if ((flags & GIT_PATH_REJECT_DOT_GIT_HFS) == 0 &&
 		(flags & GIT_PATH_REJECT_DOT_GIT_NTFS) == 0 &&
-		(flags & GIT_PATH_REJECT_DOT_GIT) &&
+		(flags & GIT_PATH_REJECT_DOT_GIT_LITERAL) &&
 		len == 4 &&
 		component[0] == '.' &&
 		(component[1] == 'g' || component[1] == 'G') &&
@@ -1649,6 +1651,8 @@ GIT_INLINE(unsigned int) dotgit_flags(
 {
 	int protectHFS = 0, protectNTFS = 0;
 
+	flags |= GIT_PATH_REJECT_DOT_GIT_LITERAL;
+
 #ifdef __APPLE__
 	protectHFS = 1;
 #endif