W dniu 06.01.2016 o 01:23, Jonathan Nieder pisze: > Jeff King wrote: > >> Git packfiles come from two places: >> >> 1. Local maintenance repacks loose and already-packed objects into a >> new packfile. We trust the local repack process to generate a valid >> packfile (though the contents of individual objects may be >> untrusted, of course). > > I think we should reconsider such trust. If one user creates a > malicious pack, if another user uses read-only git commands to access > the repository (after inspecting .git/config to make sure it doesn't > contain anything scary) the result should not be arbitrary code > execution. > > Producing bogus output or aborting is okay; arbitrary code execution > less so. > > Thanks, > Jonathan
I'd be happy to help you go through the fuzzing process - I don't have enough horsepower and codebase knowledge to do it on my own though. If you have an afl-fuzz question though, let me know.
signature.asc
Description: OpenPGP digital signature
