lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 8 Feb 2019 15:38:05 -0500
From:   "Randall S. Becker" <rsbecker@...bridge.com>
To:     "'Jeff King'" <peff@...f.net>
Cc:     "'Junio C Hamano'" <gitster@...ox.com>, <git@...r.kernel.org>,
        "'Linux Kernel'" <linux-kernel@...r.kernel.org>,
        <git-packagers@...glegroups.com>
Subject: RE: [Breakage] Git v2.21.0-rc0 - t5318 (NonStop)



> -----Original Message-----
> From: Jeff King <peff@...f.net>
> Sent: February 8, 2019 14:32
> To: Randall S. Becker <rsbecker@...bridge.com>
> Cc: 'Junio C Hamano' <gitster@...ox.com>; git@...r.kernel.org; 'Linux
> Kernel' <linux-kernel@...r.kernel.org>; git-packagers@...glegroups.com
> Subject: Re: [Breakage] Git v2.21.0-rc0 - t5318 (NonStop)
> 
> On Fri, Feb 08, 2019 at 02:26:17PM -0500, Randall S. Becker wrote:
> 
> > > > For this, we could use truncate -s count file instead of dd to get
> > > > a fixed size file of nulls. This would remove the need for
> > > > /dev/zero in
> > > > t5318 (the patch below probably will wrap badly in my mailer so I
> > > > can submit a real patch separately.
> > >
> > > I don't think "truncate" is portable, though.
> >
> > It is available AFAIK on Linux, POSIX, and Windows under Cygwin.
> > That's more than /dev/zero has anyway. I have the patch ready if you
> > want it.
> 
> Is it POSIX? Certainly truncate() is, but I didn't think the command-line tool
> was. If it really is available everywhere, then yeah, I'd be fine with it.
> 
> > > > > Other cases don't seem to actually care that they're getting
> > > > > NULs, and are just redirecting stdin from /dev/zero to get an
> > > > > infinite amount of input. They could probably use "yes" for that.
> > > >
> > > > What about reading from /dev/null?
> > >
> > > That would yield zero bytes, not an infinite number of them.
> >
> > So something like: yes | tr 'y' '\0' | stuff?
> 
> Exactly (if we even care about them being NULs; otherwise, we can omit the
> "tr" invocation).

I'm a bit perplexed about this... Obviously added some debugging info, but why we're getting No REQUEST_METHOD is perplexing. Is this a lack of an apache2 instance?

expecting success:
        NOT_FIT_IN_SSIZE=$(ssize_b100dots) &&
        env \
                CONTENT_TYPE=application/x-git-upload-pack-request \
                QUERY_STRING=/repo.git/git-upload-pack \
                PATH_TRANSLATED="$PWD"/.git/git-upload-pack \
                GIT_HTTP_EXPORT_ALL=TRUE \
                REQUEST_METHOD=POST \
                CONTENT_LENGTH="$NOT_FIT_IN_SSIZE" \
                yes | tr "y" "\\0" | git http-backend 2>err &&
        echo "Err is" &&
        cat err &&
        grep "fatal:.*CONTENT_LENGTH" err

Status: 500 Internal Server Error
Expires: Fri, 01 Jan 1980 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate

Err is
fatal: No REQUEST_METHOD from server
not ok 15 - CONTENT_LENGTH overflow ssite_t

Cheers,
Randall

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ