git-annex/Utility
Joey Hess 15be5c04a6
git-annex-shell, remotedaemon, git remote: Fix some memory DOS attacks.
The attacker could just send a very lot of data, with no \n and it would
all be buffered in memory until the kernel killed git-annex or perhaps OOM
killed some other more valuable process.

This is a low impact security hole, only affecting communication between
local git-annex and git-annex-shell on the remote system. (With either
able to be the attacker). Only those with the right ssh key can do it. And,
there are probably lots of ways to construct git repositories that make git
use a lot of memory in various ways, which would have similar impact as
this attack.

The fix in P2P/IO.hs would have been higher impact, if it had made it to a
released version, since it would have allowed DOSing the tor hidden
service without needing to authenticate.

(The LockContent and NotifyChanges instances may not be really
exploitable; since the line is read and ignored, it probably gets read
lazily and does not end up staying buffered in memory.)
2016-12-09 13:34:32 -04:00
..
DirWatcher Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. 2016-11-15 21:29:54 -04:00
LockFile Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. 2016-11-15 21:29:54 -04:00
LockPool fix build with old ghc 2016-03-05 15:18:52 -04:00
Process merge from propellor 2015-10-28 00:18:01 -04:00
Scheduled reorg quickcheck to a separate module 2015-11-17 15:49:22 -04:00
Touch move old ghc compat code into separate module; eliminate WITH_CLIBS 2016-02-15 11:47:33 -04:00
Applicative.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
AuthToken.hs unified AuthToken type between webapp and tor 2016-11-22 14:18:34 -04:00
Base64.hs avoid throwing exception when String is not encoded using the filesystem encoding 2015-08-12 10:57:48 -04:00
Batch.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
Bloom.hs fix bug in back-compat ifdef 2015-09-23 13:09:08 -04:00
CoProcess.hs restart coprocess in raw mode 2016-11-01 14:03:59 -04:00
CopyFile.hs hard links on windows 2016-04-08 15:25:32 -04:00
Daemon.hs Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. 2016-11-15 21:29:54 -04:00
Data.hs disable horrible tab warning, needed in every file that Setup.hs pulls in 2015-05-10 16:31:50 -04:00
DataUnits.hs info: Added --bytes option. 2015-04-12 14:08:40 -04:00
DBus.hs Revert "When listing DBus services, also list activatable services." 2015-06-02 14:38:24 -04:00
Directory.hs split out module to work around badly named symbol in directory-1.2.6.2 2016-05-22 15:51:31 -04:00
DirWatcher.hs removed all uses of undefined from code base 2015-04-19 00:38:29 -04:00
DiskFree.hs build without disk-free-space on android 2016-03-08 02:45:10 -04:00
Dot.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
DottedVersion.hs more {-# OPTIONS_GHC -fno-warn-tabs #-} ... Forcing people who have what is merely a difference of opinion to you to do this is a bit of an asshole move. Just saying. 2015-05-10 16:38:49 -04:00
Env.hs more {-# OPTIONS_GHC -fno-warn-tabs #-} ... Forcing people who have what is merely a difference of opinion to you to do this is a bit of an asshole move. Just saying. 2015-05-10 16:38:49 -04:00
Exception.hs allow Utility.Exception to still be used when not building with cabal 2016-11-15 22:01:55 -04:00
ExternalSHA.hs fsck: When checksumming a file fails due to a hardware fault, the file is now moved to the bad directory, and the fsck proceeds. Before, the fsck immediately failed. 2015-05-27 16:40:03 -04:00
FileMode.hs clean build warning on windows 2015-12-28 13:06:36 -04:00
FileSize.hs matchexpression: New plumbing command to check if a preferred content expression matches some data. 2016-01-25 16:16:18 -04:00
FileSystemEncoding.hs optimise read and write for Keys database (untested) 2015-12-23 19:18:52 -04:00
Format.hs better types 2016-02-14 16:26:39 -04:00
FreeDesktop.hs use System.Directory not Utility.Directory 2016-09-22 11:34:55 -04:00
Glob.hs Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. 2016-11-15 21:29:54 -04:00
Gpg.hs Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. 2016-11-15 21:29:54 -04:00
Hash.hs package qualify imports 2015-08-14 17:23:25 -04:00
HumanNumber.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
HumanTime.hs generalize parseDuration so it can be used in the ReadM monad 2015-07-08 16:08:26 -04:00
InodeCache.hs automatic conflict resolution for v6 unlocked files 2015-12-29 15:41:09 -04:00
libkqueue.c update my email address and homepage url 2015-01-21 12:50:09 -04:00
libkqueue.h fix prototype 2012-06-19 01:57:19 -04:00
LinuxMkLibs.hs avoid warnings about not exported System.Directory.isSymbolicLink 2016-04-28 15:18:11 -04:00
LockFile.hs use lock pools throughout git-annex 2015-05-19 14:09:52 -04:00
LockPool.hs Fix shared lock file FD leak. 2016-03-01 15:31:39 -04:00
LogFile.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
Lsof.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
Matcher.hs improve comment 2015-09-15 13:12:21 -04:00
Metered.hs force sofar calculation 2016-12-08 16:28:07 -04:00
Misc.hs merge hlint changes from propellor 2015-09-13 13:39:48 -04:00
Monad.hs disable horrible tab warning, needed in every file that Setup.hs pulls in 2015-05-10 16:31:50 -04:00
Mounts.hs remove Utility.Mounts et al; moved to mountpoints package 2016-02-15 11:14:37 -04:00
Network.hs more {-# OPTIONS_GHC -fno-warn-tabs #-} ... Forcing people who have what is merely a difference of opinion to you to do this is a bit of an asshole move. Just saying. 2015-05-10 16:38:49 -04:00
NotificationBroadcaster.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
OptParse.hs I've been not documenting these import Preludes used to deal with the AMP transition 2015-09-15 11:32:47 -04:00
OSX.hs disable horrible tab warning, needed in every file that Setup.hs pulls in 2015-05-10 16:31:50 -04:00
Parallel.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
PartialPrelude.hs more {-# OPTIONS_GHC -fno-warn-tabs #-} ... Forcing people who have what is merely a difference of opinion to you to do this is a bit of an asshole move. Just saying. 2015-05-10 16:38:49 -04:00
Path.hs avoid warnings about not exported System.Directory.isSymbolicLink 2016-04-28 15:18:11 -04:00
Percentage.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
PID.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
PosixFiles.hs hard links on windows 2016-04-08 15:25:32 -04:00
Process.hs merge from propellor 2016-03-06 20:09:05 -04:00
QuickCheck.hs fix build warning with new version of QuickCheck 2016-06-13 16:00:23 -04:00
Quvi.hs Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. 2016-11-15 21:29:54 -04:00
Rsync.hs Added new toMSYS2Path function for use with rsync on Windows. 2016-01-11 11:18:58 +01:00
SafeCommand.hs use intercalate instead of MissingH's join 2015-11-17 17:27:24 -04:00
Scheduled.hs import Data.Time.Format to ensure its Read instance for LocalTime is available 2015-11-21 13:36:30 -04:00
Shell.hs Windows: Handle shebang in external special remote program. 2016-09-05 12:09:23 -04:00
SimpleProtocol.hs git-annex-shell, remotedaemon, git remote: Fix some memory DOS attacks. 2016-12-09 13:34:32 -04:00
SRV.hs Roll the dns build flag into the assistant build flag. 2016-01-26 08:48:23 -04:00
SshConfig.hs redundant import 2015-09-22 12:31:54 -04:00
SystemDirectory.hs split out module to work around badly named symbol in directory-1.2.6.2 2016-05-22 15:51:31 -04:00
Tense.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
ThreadLock.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
ThreadScheduler.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
TList.hs update my email address and homepage url 2015-01-21 12:50:09 -04:00
Tmp.hs avoid warnings about not exported System.Directory.isSymbolicLink 2016-04-28 15:18:11 -04:00
Tor.hs cleanup 2016-11-29 17:52:46 -04:00
Touch.hs another windows build fix 2016-03-05 15:08:37 -04:00
Url.hs avoid deprecation warning from parseUrl 2016-09-07 12:02:38 -04:00
UserInfo.hs Avoid backtraces on expected failures when built with ghc 8; only use backtraces for unexpected errors. 2016-11-15 21:29:54 -04:00
Verifiable.hs Removed dependency on haskell SHA library, instead using cryptohash >= 0.11.0. 2015-04-19 11:05:32 -04:00
WebApp.hs unified AuthToken type between webapp and tor 2016-11-22 14:18:34 -04:00
WinProcess.hs Fix Windows build to work with ghc 7.10 2015-09-01 14:51:14 -07:00
Yesod.hs fix build warning when building with yesod 1.2 and newer yesod-core 2015-08-03 15:42:44 -04:00