On Mon, Sep 26, 2016 at 11:10:54AM -0700, Junio C Hamano wrote:
> Junio C Hamano writes:
>
> > I am inclined to say that it has no security implications. You have
> > to be able to write a bogus loose object in an object store you
> > already have write access to in the
Btw, this other test case will trigger a similar issue, but in another line of
code:
To reproduce:
$ git init ; mkdir -p .git/objects/b2 ; printf 'eJwNwoENgDAIBECkDsII5Z8CHagLGPePXu59zjHGRIOZG3OzI/lnRc4KemXDPdYSml6iQ+4ATIZ+nAEK4g==' | base64 -d >
Junio C Hamano writes:
> I am inclined to say that it has no security implications. You have
> to be able to write a bogus loose object in an object store you
> already have write access to in the first place, in order to cause
> this ...
Note that you could social-engineer
Gustavo Grieco writes:
> Fair enough. We are testing our tool to try to find
> bugs/vulnerabilities in several git implementations. I will report
> here my results if I can find some other memory issue in this git
> client.
Thanks. With or without security implications,
Fair enough. We are testing our tool to try to find bugs/vulnerabilities in
several git implementations. I will report here my results if I can find some
other memory issue in this git client.
- Original Message -
> Gustavo Grieco writes:
>
> > Now that the
Gustavo Grieco writes:
> Now that the cause of this issue is identified, I would like to
> know if there is an impact in the security, so I can request a CVE
> if necessary.
I am inclined to say that it has no security implications. You have
to be able to write a bogus
Hello,
Now that the cause of this issue is identified, I would like to know if there
is an impact in the security, so I can request a CVE if necessary.
Thanks!
On Sun, Sep 25, 2016 at 05:10:31PM -0700, Junio C Hamano wrote:
> Gustavo Grieco writes:
>
> > We found a stack read out-of-bounds parsing object files using git 2.10.0.
> > It was tested on ArchLinux x86_64. To reproduce, first recompile git with
> > ASAN support and
Gustavo Grieco writes:
> We found a stack read out-of-bounds parsing object files using git 2.10.0. It
> was tested on ArchLinux x86_64. To reproduce, first recompile git with ASAN
> support and then execute:
>
> $ git init ; mkdir -p .git/objects/b2 ; printf 'x' >
>
Hi,
We found a stack read out-of-bounds parsing object files using git 2.10.0. It
was tested on ArchLinux x86_64. To reproduce, first recompile git with ASAN
support and then execute:
$ git init ; mkdir -p .git/objects/b2 ; printf 'x' > .git/objects/b2/93584ddd61af21260be75ee9f73e9d53f08cd0