<feed xmlns='http://www.w3.org/2005/Atom'>
<title>delta/libgit2.git/src/streams/openssl.c, branch ethomson/github_actions</title>
<subtitle>github.com: libgit2/libgit2.git
</subtitle>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/'/>
<entry>
<title>streams: openssl: fix memleak due to us not free'ing certs</title>
<updated>2020-05-15T15:54:40+00:00</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2020-05-15T15:46:24+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=b43a9e6657120fdfb3d01e603aac4c006de98477'/>
<id>b43a9e6657120fdfb3d01e603aac4c006de98477</id>
<content type='text'>
When creating a `git_cert` from the OpenSSL X509 certificate of a given
stream, we do not call `X509_free()` on the certificate, leading to a
memory leak as soon as the certificate is requested e.g. by the
certificate check callback.

Fix the issue by properly calling `X509_free()`.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When creating a `git_cert` from the OpenSSL X509 certificate of a given
stream, we do not call `X509_free()` on the certificate, leading to a
memory leak as soon as the certificate is requested e.g. by the
certificate check callback.

Fix the issue by properly calling `X509_free()`.
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge pull request #5391 from pks-t/pks/coverity-fixes</title>
<updated>2020-02-19T11:14:16+00:00</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2020-02-19T11:14:16+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=8aa04a37d180240edb68db4267a0895ce38e9fc3'/>
<id>8aa04a37d180240edb68db4267a0895ce38e9fc3</id>
<content type='text'>
Coverity fixes</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Coverity fixes</pre>
</div>
</content>
</entry>
<entry>
<title>streams: openssl: switch approach to silence Valgrind errors</title>
<updated>2020-02-11T11:01:54+00:00</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2020-02-11T09:37:32+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=0119e57df028d2eb9ed6f80aa859bb4ed976bb2b'/>
<id>0119e57df028d2eb9ed6f80aa859bb4ed976bb2b</id>
<content type='text'>
As OpenSSL loves using uninitialized bytes as another source of entropy,
we need to mark them as defined so that Valgrind won't complain about
use of these bytes. Traditionally, we've been using the macro
`VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
become opaque. As such, we also can't set it as defined anymore, as we
have no way of knowing its size.

Let's change gears instead by just swapping out the allocator functions
of OpenSSL with our own ones. The twist is that instead of calling
`malloc`, we just call `calloc` to have the bytes initialized
automatically. Next to soothing Valgrind, this approach has the benefit
of being completely agnostic of the memory sanitizer and is neatly
contained at a single place.

Note that we shouldn't do this for non-Valgrind builds. As we cannot
set up memory functions for a given SSL context, only, we need to swap
them at a global context. Furthermore, as it's possible to call
`OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
set up their own allocators.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As OpenSSL loves using uninitialized bytes as another source of entropy,
we need to mark them as defined so that Valgrind won't complain about
use of these bytes. Traditionally, we've been using the macro
`VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
become opaque. As such, we also can't set it as defined anymore, as we
have no way of knowing its size.

Let's change gears instead by just swapping out the allocator functions
of OpenSSL with our own ones. The twist is that instead of calling
`malloc`, we just call `calloc` to have the bytes initialized
automatically. Next to soothing Valgrind, this approach has the benefit
of being completely agnostic of the memory sanitizer and is neatly
contained at a single place.

Note that we shouldn't do this for non-Valgrind builds. As we cannot
set up memory functions for a given SSL context, only, we need to swap
them at a global context. Furthermore, as it's possible to call
`OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
set up their own allocators.
</pre>
</div>
</content>
</entry>
<entry>
<title>streams: openssl: ignore return value of `git_mutex_lock`</title>
<updated>2020-02-07T12:08:23+00:00</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2020-02-07T11:56:26+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=b3b92e099dd267bf2c5b86291eb2b36a6f8f6b3a'/>
<id>b3b92e099dd267bf2c5b86291eb2b36a6f8f6b3a</id>
<content type='text'>
OpenSSL pre-v1.1 required us to set up a locking function to properly
support multithreading. The locking function signature cannot return any
error codes, and as a result we can't do anything if `git_mutex_lock`
fails. To silence static analysis tools, let's just explicitly ignore
its return value by casting it to `void`.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
OpenSSL pre-v1.1 required us to set up a locking function to properly
support multithreading. The locking function signature cannot return any
error codes, and as a result we can't do anything if `git_mutex_lock`
fails. To silence static analysis tools, let's just explicitly ignore
its return value by casting it to `void`.
</pre>
</div>
</content>
</entry>
<entry>
<title>valgrind: add valgrind hints in OpenSSL</title>
<updated>2019-11-24T06:29:38+00:00</updated>
<author>
<name>Edward Thomson</name>
<email>ethomson@edwardthomson.com</email>
</author>
<published>2019-11-24T05:22:31+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=cb77423fa4b86e073862f426556601a111505cd5'/>
<id>cb77423fa4b86e073862f426556601a111505cd5</id>
<content type='text'>
Provide usage hints to valgrind.  We trust the data coming back from
OpenSSL to have been properly initialized.  (And if it has not, it's an
OpenSSL bug, not a libgit2 bug.)

We previously took the `VALGRIND` option to CMake as a hint to disable
mmap.  Remove that; it's broken.  Now use it to pass on the `VALGRIND`
definition so that sources can provide valgrind hints.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Provide usage hints to valgrind.  We trust the data coming back from
OpenSSL to have been properly initialized.  (And if it has not, it's an
OpenSSL bug, not a libgit2 bug.)

We previously took the `VALGRIND` option to CMake as a hint to disable
mmap.  Remove that; it's broken.  Now use it to pass on the `VALGRIND`
definition so that sources can provide valgrind hints.
</pre>
</div>
</content>
</entry>
<entry>
<title>valgrind: add suppressions for undefined use</title>
<updated>2019-11-24T06:29:38+00:00</updated>
<author>
<name>Edward Thomson</name>
<email>ethomson@edwardthomson.com</email>
</author>
<published>2019-11-24T04:59:26+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=2ad3eb3e8e87d3ae190f894a39c324b8d6da59bb'/>
<id>2ad3eb3e8e87d3ae190f894a39c324b8d6da59bb</id>
<content type='text'>
valgrind will warn that OpenSSL will use undefined data in connect/read
when talking to certain other TLS stacks.  Thankfully, this only seems
to occur when gcc is the compiler, so hopefully valgrind is just
misunderstanding an optimization.  Regardless, suppress this warning.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
valgrind will warn that OpenSSL will use undefined data in connect/read
when talking to certain other TLS stacks.  Thankfully, this only seems
to occur when gcc is the compiler, so hopefully valgrind is just
misunderstanding an optimization.  Regardless, suppress this warning.
</pre>
</div>
</content>
</entry>
<entry>
<title>openssl: fix potential size overflow when writing data</title>
<updated>2019-01-31T13:47:42+00:00</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2019-01-23T14:54:05+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=657197e6541df32ffa3a093f85b7810ebd6ff566'/>
<id>657197e6541df32ffa3a093f85b7810ebd6ff566</id>
<content type='text'>
Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.
</pre>
</div>
</content>
</entry>
<entry>
<title>streams: make file-local functions static</title>
<updated>2019-01-31T13:34:14+00:00</updated>
<author>
<name>Patrick Steinhardt</name>
<email>ps@pks.im</email>
</author>
<published>2019-01-23T14:42:07+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=193e7ce979c2a44d6bdf25aeefc31d27a70ce054'/>
<id>193e7ce979c2a44d6bdf25aeefc31d27a70ce054</id>
<content type='text'>
The callback functions that implement the `git_stream` structure are
only used inside of their respective implementation files, but they are
not marked as `static`. Fix this.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The callback functions that implement the `git_stream` structure are
only used inside of their respective implementation files, but they are
not marked as `static`. Fix this.
</pre>
</div>
</content>
</entry>
<entry>
<title>streams: don't write more than SSIZE_MAX</title>
<updated>2019-01-25T22:47:39+00:00</updated>
<author>
<name>Edward Thomson</name>
<email>ethomson@edwardthomson.com</email>
</author>
<published>2019-01-21T09:56:23+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=f1986a23d8e99b8446e7ec2111c12b1de582885f'/>
<id>f1986a23d8e99b8446e7ec2111c12b1de582885f</id>
<content type='text'>
Our streams implementation takes a `size_t` that indicates the length of
the data buffer to be written, and returns an `ssize_t` that indicates
the length that _was_ written.  Clearly no such implementation can write
more than `SSIZE_MAX` bytes.  Ensure that each TLS stream implementation
does not try to write more than `SSIZE_MAX` bytes (or smaller; if the
given implementation takes a smaller size).
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Our streams implementation takes a `size_t` that indicates the length of
the data buffer to be written, and returns an `ssize_t` that indicates
the length that _was_ written.  Clearly no such implementation can write
more than `SSIZE_MAX` bytes.  Ensure that each TLS stream implementation
does not try to write more than `SSIZE_MAX` bytes (or smaller; if the
given implementation takes a smaller size).
</pre>
</div>
</content>
</entry>
<entry>
<title>git_error: use new names in internal APIs and usage</title>
<updated>2019-01-22T22:30:35+00:00</updated>
<author>
<name>Edward Thomson</name>
<email>ethomson@edwardthomson.com</email>
</author>
<published>2018-12-27T19:47:34+00:00</published>
<link rel='alternate' type='text/html' href='http://91.123.203.49/cgit/delta/libgit2.git/commit/?id=f673e232afe22eb865cdc915e55a2df6493f0fbb'/>
<id>f673e232afe22eb865cdc915e55a2df6493f0fbb</id>
<content type='text'>
Move to the `git_error` name in the internal API for error-related
functions.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Move to the `git_error` name in the internal API for error-related
functions.
</pre>
</div>
</content>
</entry>
</feed>
