Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-27 Thread Jeff King
On Mon, Sep 26, 2016 at 11:10:54AM -0700, Junio C Hamano wrote: > Junio C Hamano writes: > > > I am inclined to say that it has no security implications. You have > > to be able to write a bogus loose object in an object store you > > already have write access to in the

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-26 Thread Gustavo Grieco
Btw, this other test case will trigger a similar issue, but in another line of code: To reproduce: $ git init ; mkdir -p .git/objects/b2 ; printf 'eJwNwoENgDAIBECkDsII5Z8CHagLGPePXu59zjHGRIOZG3OzI/lnRc4KemXDPdYSml6iQ+4ATIZ+nAEK4g==' | base64 -d >

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-26 Thread Junio C Hamano
Junio C Hamano writes: > I am inclined to say that it has no security implications. You have > to be able to write a bogus loose object in an object store you > already have write access to in the first place, in order to cause > this ... Note that you could social-engineer

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-26 Thread Junio C Hamano
Gustavo Grieco writes: > Fair enough. We are testing our tool to try to find > bugs/vulnerabilities in several git implementations. I will report > here my results if I can find some other memory issue in this git > client. Thanks. With or without security implications,

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-26 Thread Gustavo Grieco
Fair enough. We are testing our tool to try to find bugs/vulnerabilities in several git implementations. I will report here my results if I can find some other memory issue in this git client. - Original Message - > Gustavo Grieco writes: > > > Now that the

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-26 Thread Junio C Hamano
Gustavo Grieco writes: > Now that the cause of this issue is identified, I would like to > know if there is an impact on security, so I can request a CVE > if necessary. I am inclined to say that it has no security implications. You have to be able to write a bogus

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-26 Thread Gustavo Grieco
Hello, Now that the cause of this issue is identified, I would like to know if there is an impact on security, so I can request a CVE if necessary. Thanks!

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-26 Thread Jeff King
On Sun, Sep 25, 2016 at 05:10:31PM -0700, Junio C Hamano wrote: > Gustavo Grieco writes: > > > We found a stack read out-of-bounds parsing object files using git 2.10.0. > > It was tested on ArchLinux x86_64. To reproduce, first recompile git with > > ASAN support and

Re: Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-25 Thread Junio C Hamano
Gustavo Grieco writes: > We found a stack read out-of-bounds parsing object files using git 2.10.0. It > was tested on ArchLinux x86_64. To reproduce, first recompile git with ASAN > support and then execute: > > $ git init ; mkdir -p .git/objects/b2 ; printf 'x' > >

Stack read out-of-bounds in parse_sha1_header_extended using git 2.10.0

2016-09-25 Thread Gustavo Grieco
Hi, We found a stack read out-of-bounds parsing object files using git 2.10.0. It was tested on ArchLinux x86_64. To reproduce, first recompile git with ASAN support and then execute: $ git init ; mkdir -p .git/objects/b2 ; printf 'x' > .git/objects/b2/93584ddd61af21260be75ee9f73e9d53f08cd0