authorDavid Pursehouse2018-12-18 10:53:26 +0000
committerDavid Pursehouse2018-12-20 02:41:02 +0000
commitf4fc6404baac5a6a5db34f71e62fb62fd8f1b8ef (patch)
tree5fd72ba429af2477a1e7bbe3c52295ad32c3ed3b
parent2269669fb11224da272aebe2f02393388c62a0fd (diff)
BasePackConnection: Check for expected length of ref advertisement
When a server sends a ref advertisement using protocol v2 it contains lines other than ref names and sha1s. Attempting to get the sha1 out of such a line using the substring method can result in a SIOOB error when it doesn't actually contain the sha1 and ref name. Add a check that the line is of the expected length, and subsequently that the extracted object id is valid, and if not throw an exception. Change-Id: Id92fe66ff8b6deb2cf987d81929f8d0602c399f4 Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
-rw-r--r--org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties1
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java1
-rw-r--r--org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java16
3 files changed, 17 insertions, 1 deletions
diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index 3f1d21289f..b0c952cd4c 100644
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -390,6 +390,7 @@ invalidPathPeriodAtEndWindows=Invalid path (period at end is ignored by Windows)
invalidPathSpaceAtEndWindows=Invalid path (space at end is ignored by Windows): {0}
invalidPathReservedOnWindows=Invalid path (''{0}'' is reserved on Windows): {1}
invalidRedirectLocation=Invalid redirect location {0} -> {1}
+invalidRefAdvertisementLine=Invalid ref advertisement line: ''{1}''
invalidReflogRevision=Invalid reflog revision: {0}
invalidRefName=Invalid ref name: {0}
invalidReftableBlock=Invalid reftable block
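Review bot: The new message uses the placeholder `{1}`, but the only caller visible in this commit, `invalidRefAdvertisementLine(String line)` in BasePackConnection.java, passes a single argument to `MessageFormat.format`. The offending line is therefore never substituted and the message ends with a literal `'{1}'`. The entry should read `invalidRefAdvertisementLine=Invalid ref advertisement line: ''{0}''`. As it stands, the exception raised by the new check gives no indication of what the server actually sent.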
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index c11ae5a526..6e99ca739e 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -451,6 +451,7 @@ public class JGitText extends TranslationBundle {
/***/ public String invalidPathSpaceAtEndWindows;
/***/ public String invalidPathReservedOnWindows;
/***/ public String invalidRedirectLocation;
+ /***/ public String invalidRefAdvertisementLine;
/***/ public String invalidReflogRevision;
/***/ public String invalidRefName;
/***/ public String invalidReftableBlock;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
index 38eae1cd48..fcf78ac7b9 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
@@ -57,6 +57,7 @@ import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Set;
+import org.eclipse.jgit.errors.InvalidObjectIdException;
import org.eclipse.jgit.errors.NoRemoteRepositoryException;
import org.eclipse.jgit.errors.PackProtocolException;
import org.eclipse.jgit.errors.RemoteRepositoryException;
@@ -222,6 +223,10 @@ abstract class BasePackConnection extends BaseConnection {
}
}
+ // Expecting to get a line in the form "sha1 refname"
+ if (line.length() < 41 || line.charAt(40) != ' ') {
+ throw invalidRefAdvertisementLine(line);
+ }
String name = line.substring(41, line.length());
if (avail.isEmpty() && name.equals("capabilities^{}")) { //$NON-NLS-1$
// special line from git-receive-pack to show
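Review bot: The guard `line.length() < 41 || line.charAt(40) != ' '` still accepts a line that is exactly 41 characters long, and `line.substring(41, line.length())` then yields an empty ref name. How an empty name is handled further down the loop is outside this hunk, so this may turn out harmless, but such a line is not in the "sha1 refname" form the comment describes. `if (line.length() < 42 || line.charAt(40) != ' ') {` would reject it at the same place as the other malformed input. The literals 40 and 41 would also read more clearly as a named constant for the hex object-id length.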
@@ -229,7 +234,12 @@ abstract class BasePackConnection extends BaseConnection {
continue;
}
- final ObjectId id = ObjectId.fromString(line.substring(0, 40));
+ final ObjectId id;
+ try {
+ id = ObjectId.fromString(line.substring(0, 40));
+ } catch (InvalidObjectIdException e) {
+ throw invalidRefAdvertisementLine(line);
+ }
if (name.equals(".have")) { //$NON-NLS-1$
additionalHaves.add(id);
} else if (name.endsWith("^{}")) { //$NON-NLS-1$
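Review bot: The `catch (InvalidObjectIdException e)` block throws `invalidRefAdvertisementLine(line)` without attaching `e`, so the resulting stack trace no longer shows why the object id was rejected. Passing the cause through keeps the original failure visible when diagnosing a misbehaving server, for example via a helper overload that accepts a `Throwable`, or `throw (PackProtocolException) invalidRefAdvertisementLine(line).initCause(e);` if the exception's cause is not already set by its constructor. The surrounding loop starts and ends outside this hunk.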
@@ -318,6 +328,10 @@ abstract class BasePackConnection extends BaseConnection {
return new PackProtocolException(uri, MessageFormat.format(JGitText.get().duplicateAdvertisementsOf, name));
}
+ private PackProtocolException invalidRefAdvertisementLine(String line) {
+ return new PackProtocolException(uri, MessageFormat.format(JGitText.get().invalidRefAdvertisementLine, line));
+ }
+
/** {@inheritDoc} */
@Override
public void close() {
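Review bot: `invalidRefAdvertisementLine` copies the line received from the remote side verbatim into the exception message, and that text is chosen by whichever server the client connected to. Exception messages commonly reach logs and user interfaces, so embedded control characters or a line near the maximum packet size can distort or flood those records. Bounding the length and escaping non-printable characters before the `MessageFormat.format` call would contain that. At minimum the helper deserves a comment such as `// line is untrusted remote input: bound and escape before reporting`. The enclosing class continues outside the hunk.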
