On Junio's master, "git rev-parse --verify" accepts *any* 40-digit
hexadecimal number.  For example, pass it 40 "1" characters, and it
accepts the argument:

$ git rev-parse --verify 1111111111111111111111111111111111111111
1111111111111111111111111111111111111111
$ echo $?
0

Obviously, my repo doesn't have an object with this hash :-) so I think
this argument should be rejected.

If you add or remove a digit (to make the length different than 40), it
is correctly rejected:

$ git rev-parse --verify 111111111111111111111111111111111111111
fatal: Needed a single revision
$ echo $?
128

I believe that "git rev-parse --verify" is meant to verify that the
argument is an actual object, and that it should reject fictional SHA1s.
(If not, then the documentation should be clarified.)  The same problem
also exists in 1.8.2 but I haven't checked how much older it is.

The behavior presumably comes from the following clause in get_sha1_basic():

        if (len == 40 && !get_sha1_hex(str, sha1))
                return 0;

I won't have time to pursue this.

Michael

-- 
Michael Haggerty
mhag...@alum.mit.edu
http://softwareswirl.blogspot.com/
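
Added example (not part of the message above and not code from git itself): a shell helper for scripts that must confirm a caller-supplied name refers to an object actually stored in the repository, rather than merely being 40 well-formed hex digits. It assumes a git version that supports "git -C" and the "^{object}" / "^{commit}" peeling suffixes described in git-rev-parse(1); the function names are illustrative.

```shell
#!/bin/sh
# Added example: existence checks for object names in a git repository.
# Function names are hypothetical; only documented git options are used.

# object_exists REPO_DIR NAME
# Returns 0 only when NAME resolves to an object present in REPO_DIR.
object_exists() {
    # Refuse names that could be parsed as command-line options.
    case $2 in
        -*|'') return 1 ;;
    esac
    # The "^{object}" suffix forces a lookup in the object database,
    # so a well-formed but nonexistent 40-digit hex string is rejected.
    git -C "$1" rev-parse --verify --quiet "$2^{object}" >/dev/null 2>&1
}

# commit_exists REPO_DIR NAME
# Returns 0 only when NAME resolves to an existing commit (or peels to one).
commit_exists() {
    case $2 in
        -*|'') return 1 ;;
    esac
    # "^{commit}" additionally requires the object to be a commit-ish,
    # which rejects blobs and trees even when they do exist.
    git -C "$1" rev-parse --verify --quiet "$2^{commit}" >/dev/null 2>&1
}
```
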