Browse Source

Delete checkObjectCollisions from PackParser

This flag was added to provide an unsafe operation on the local
repository because the storage.dht code was too damn slow to provide
proper safe Git behavior all of the time. Now that stoarge.dht has
been removed from the repository, also delete this unsafe flag to
prevent applications from misusing the JGit library and permitting
users to potentially damage their local repository with bad data
received from an untrusted peer.

Change-Id: Ib1861c48bb74836731e7b7d57b635dd654b0dc66
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
stable-2.1
Shawn O. Pearce 12 years ago committed by Matthias Sohn
parent
commit
9638e0aa87
  1. 37
      org.eclipse.jgit/src/org/eclipse/jgit/transport/PackParser.java

37
org.eclipse.jgit/src/org/eclipse/jgit/transport/PackParser.java

@ -135,8 +135,6 @@ public abstract class PackParser {
private boolean allowThin;
private boolean checkObjectCollisions;
private boolean needBaseObjectIds;
private boolean checkEofAfterPackFooter;
@ -206,7 +204,6 @@ public abstract class PackParser {
objectDigest = Constants.newMessageDigest();
tempObjectId = new MutableObjectId();
packDigest = Constants.newMessageDigest();
checkObjectCollisions = true;
}
/** @return true if a thin pack (missing base objects) is permitted. */
@ -227,35 +224,6 @@ public abstract class PackParser {
allowThin = allow;
}
/** @return if true received objects are verified to prevent collisions. */
public boolean isCheckObjectCollisions() {
return checkObjectCollisions;
}
/**
* Enable checking for collisions with existing objects.
* <p>
* By default PackParser looks for each received object in the repository.
* If the object already exists, the existing object is compared
* byte-for-byte with the newly received copy to ensure they are identical.
* The receive is aborted with an exception if any byte differs. This check
* is necessary to prevent an evil attacker from supplying a replacement
* object into this repository in the event that a discovery enabling SHA-1
* collisions is made.
* <p>
* This check may be very costly to perform, and some repositories may have
* other ways to segregate newly received object data. The check is enabled
* by default, but can be explicitly disabled if the implementation can
* provide the same guarantee, or is willing to accept the risks associated
* with bypassing the check.
*
* @param check
* true to enable collision checking (strongly encouraged).
*/
public void setCheckObjectCollisions(boolean check) {
checkObjectCollisions = check;
}
/**
* Configure this index pack instance to keep track of new objects.
* <p>
@ -1004,8 +972,7 @@ public abstract class PackParser {
}
inf.close();
tempObjectId.fromRaw(objectDigest.digest(), 0);
checkContentLater = isCheckObjectCollisions()
&& readCurs.has(tempObjectId);
checkContentLater = readCurs.has(tempObjectId);
data = null;
} else {
@ -1037,7 +1004,6 @@ public abstract class PackParser {
}
}
if (isCheckObjectCollisions()) {
try {
final ObjectLoader ldr = readCurs.open(id, type);
final byte[] existingData = ldr.getCachedBytes(data.length);
@ -1051,7 +1017,6 @@ public abstract class PackParser {
// an error to read something that doesn't exist.
}
}
}
private void doDeferredCheckBlobs() throws IOException {
final byte[] readBuffer = buffer();

Loading…
Cancel
Save