File CVE-2023-29007-0.patch of Package git.30869

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2023-29007-0.patch of Package git.30869

commit 29198213c9163c1d552ee2bdbf78d2b09ccc98b8
Author: Taylor Blau <me@ttaylorr.com>
Date:   Thu Apr 6 11:42:03 2023 -0400

t1300: demonstrate failure when renaming sections with long lines
    
    When renaming a configuration section which has an entry whose length
    exceeds the size of our buffer in config.c's implementation of
    `git_config_copy_or_rename_section_in_file()`, Git will incorrectly
    form a new configuration section with part of the data in the section
    being removed.
    
    In this instance, our first configuration file looks something like:
    
        [b]
          c = d <spaces> [a] e = f
        [a]
          g = h
    
    Here, we have two configuration values, "b.c", and "a.g". The value "[a]
    e = f" belongs to the configuration value "b.c", and does not form its
    own section.
    
    However, when renaming the section 'a' to 'xyz', Git will write back
    "[xyz]\ne = f", but "[xyz]" is still attached to the value of "b.c",
    which is why "e = f" on its own line becomes a new entry called "b.e".
    
    A slightly different example embeds the section being renamed within
    another section.
    
    Demonstrate this failure in a test in t1300, which we will fix in the
    following commit.
    
    Co-authored-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
    Helped-by: Jeff King <peff@peff.net>
    Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
    Signed-off-by: Taylor Blau <me@ttaylorr.com>

diff --git a/t/t1300-config.sh b/t/t1300-config.sh
index 1a4156c704..cd8f744160 100755
--- a/t/t1300-config.sh
+++ b/t/t1300-config.sh
@@ -613,6 +613,26 @@ test_expect_success 'renaming to bogus section is rejected' '
 	test_must_fail git config --rename-section branch.zwei "bogus name"
 '
 
+test_expect_failure 'renaming a section with a long line' '
+	{
+		printf "[b]\\n" &&
+		printf "  c = d %1024s [a] e = f\\n" " " &&
+		printf "[a] g = h\\n"
+	} >y &&
+	git config -f y --rename-section a xyz &&
+	test_must_fail git config -f y b.e
+'
+
+test_expect_failure 'renaming an embedded section with a long line' '
+	{
+		printf "[b]\\n" &&
+		printf "  c = d %1024s [a] [foo] e = f\\n" " " &&
+		printf "[a] g = h\\n"
+	} >y &&
+	git config -f y --rename-section a xyz &&
+	test_must_fail git config -f y foo.e
+'
+
 cat >> .git/config << EOF
   [branch "zwei"] a = 1 [branch "vier"]
 EOF

Places

File CVE-2023-29007-0.patch of Package git.30869

Places