Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-29 21:26:10 +01:00
forgejo/modules
KN4CK3R 5f79550a0d
Prevent double use of git cat-file session. (#29298)
Fixes the reason why #29101 is hard to replicate.
Related #29297

Create a repo with a file with minimum size 4097 bytes (I use 10000) and
execute the following code:
```go
gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, <repo>)
assert.NoError(t, err)

commit, err := gitRepo.GetCommit(<sha>)
assert.NoError(t, err)

entry, err := commit.GetTreeEntryByPath(<file>)
assert.NoError(t, err)

b := entry.Blob()

// Create a reader
r, err := b.DataAsync()
assert.NoError(t, err)
defer r.Close()

// Create a second reader
r2, err := b.DataAsync()
assert.NoError(t, err) // Should be no error but is ErrNotExist
defer r2.Close()
```

The problem is the check in `CatFileBatch`:

79217ea63c/modules/git/repo_base_nogogit.go (L81-L87)
`Buffered() > 0` is used to check if there is a "operation" in progress
at the moment. This is a problem because we can't control the internal
buffer in the `bufio.Reader`. The code above demonstrates a sequence
which initiates an operation for which the code thinks there is no
active processing. The second call to `DataAsync()` therefore reuses the
existing instances instead of creating a new batch reader.

(cherry picked from commit f74c869221624092999097af38b6f7fae4701420)
2024-02-26 22:30:25 +01:00
..
actions Implement some action notifier functions (#29173) 2024-02-19 22:58:32 +01:00
activitypub Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
auth Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
avatar [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
base Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
cache Always enable caches (#28527) 2023-12-19 09:29:05 +00:00
charset [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context Allow instance-wide disabling of forking 2024-02-25 12:00:17 +01:00
contexttest Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
csv Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
generate Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
git Prevent double use of git cat-file session. (#29298) 2024-02-26 22:30:25 +01:00
gitgraph More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
gitrepo Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
graceful Suggest to use Type=simple for systemd service (#28717) 2024-01-07 15:18:04 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight Add option to disable ambiguous unicode characters detection (#28454) 2023-12-17 14:38:54 +00:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache [BRANDING] add X-Forgejo-* headers 2024-02-05 16:02:14 +01:00
httplib Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
indexer [gitea] fix: Elasticsearch: Request Entity Too Large #28117 (#29062) 2024-02-10 10:53:43 +01:00
issue/template Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
json Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
log Reduce some allocations in type conversion (#26772) 2023-08-29 00:43:16 +08:00
markup [BUG] Restrict when to make link absolute in markdown 2024-02-19 20:56:00 +01:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
migration Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
optional Unify user update methods (#28733) 2024-02-04 13:29:09 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages [GITEA] feat(nuget): basic manifest download 2024-02-05 15:08:04 +01:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private [CLI] implement forgejo-cli 2024-02-05 13:33:58 +01:00
process Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue [CI] disable redis test, no redis server yet in CI 2024-02-05 13:33:58 +01:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Add support for sha256 repositories (#23894) 2024-01-19 17:05:02 +01:00
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository Always write proc-receive hook for all git versions (#29287) 2024-02-26 22:30:25 +01:00
secret [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
session Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
setting Allow instance-wide disabling of forking 2024-02-25 12:00:17 +01:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage [CI] Forgejo Actions based CI for PR & branches 2024-02-05 13:33:59 +01:00
structs Allow instance-wide disabling of forking 2024-02-25 12:00:17 +01:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
templates Refactor more code in templates (#29236) 2024-02-19 22:58:32 +01:00
test [TESTS] add log.Level to test.NewLogChecker 2024-02-05 16:54:44 +01:00
testlogger Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
timeutil Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
translation Improve TrHTML and add more tests (#29228) 2024-02-19 22:58:33 +01:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Detect ogg mime-type as audio or video (#26494) 2023-08-15 10:31:25 +08:00
updatechecker [PRIVACY] Add a DNS method to fetch new updates 2024-02-05 15:38:36 +01:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
validation [GITEA] add option for banning dots in usernames 2024-02-05 16:05:50 +01:00
web Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
webhook [ACTIONS] on.schedule: the event is always "schedule" 2024-02-05 16:54:44 +01:00