0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-26 16:19:05 -05:00
forgejo/modules
KN4CK3R 5f79550a0d
Prevent double use of git cat-file session. (#29298)
Fixes the reason why #29101 is hard to replicate.
Related #29297

Create a repo with a file with minimum size 4097 bytes (I use 10000) and
execute the following code:
```go
gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, <repo>)
assert.NoError(t, err)

commit, err := gitRepo.GetCommit(<sha>)
assert.NoError(t, err)

entry, err := commit.GetTreeEntryByPath(<file>)
assert.NoError(t, err)

b := entry.Blob()

// Create a reader
r, err := b.DataAsync()
assert.NoError(t, err)
defer r.Close()

// Create a second reader
r2, err := b.DataAsync()
assert.NoError(t, err) // Should be no error but is ErrNotExist
defer r2.Close()
```

The problem is the check in `CatFileBatch`:

79217ea63c/modules/git/repo_base_nogogit.go (L81-L87)
`Buffered() > 0` is used to check if there is a "operation" in progress
at the moment. This is a problem because we can't control the internal
buffer in the `bufio.Reader`. The code above demonstrates a sequence
which initiates an operation for which the code thinks there is no
active processing. The second call to `DataAsync()` therefore reuses the
existing instances instead of creating a new batch reader.

(cherry picked from commit f74c869221624092999097af38b6f7fae4701420)
2024-02-26 22:30:25 +01:00
..
actions Implement some action notifier functions (#29173) 2024-02-19 22:58:32 +01:00
activitypub Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
analyze
assetfs
auth Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
avatar [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
base Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
cache Always enable caches (#28527) 2023-12-19 09:29:05 +00:00
charset [FEAT] Enable ambiguous character detection in configured contexts 2024-02-23 13:12:17 +01:00
container
context Allow instance-wide disabling of forking 2024-02-25 12:00:17 +01:00
contexttest Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
csv Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
emoji
eventsource Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
generate Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
git Prevent double use of git cat-file session. (#29298) 2024-02-26 22:30:25 +01:00
gitgraph More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
gitrepo Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
graceful Suggest to use Type=simple for systemd service (#28717) 2024-01-07 15:18:04 +00:00
hcaptcha
highlight Add option to disable ambiguous unicode characters detection (#28454) 2023-12-17 14:38:54 +00:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html
httpcache [BRANDING] add X-Forgejo-* headers 2024-02-05 16:02:14 +01:00
httplib
indexer [gitea] fix: Elasticsearch: Request Entity Too Large #28117 (#29062) 2024-02-10 10:53:43 +01:00
issue/template
json
label
lfs [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
log
markup [BUG] Restrict when to make link absolute in markdown 2024-02-19 20:56:00 +01:00
mcaptcha
metrics
migration Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
nosql
optional Unify user update methods (#28733) 2024-02-04 13:29:09 +00:00
options
packages [GITEA] feat(nuget): basic manifest download 2024-02-05 15:08:04 +01:00
paginator
pprof
private [CLI] implement forgejo-cli 2024-02-05 13:33:58 +01:00
process Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
proxy
proxyprotocol
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue [CI] disable redis test, no redis server yet in CI 2024-02-05 13:33:58 +01:00
recaptcha
references Add support for sha256 repositories (#23894) 2024-01-19 17:05:02 +01:00
regexplru
repository Always write proc-receive hook for all git versions (#29287) 2024-02-26 22:30:25 +01:00
secret [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
session
setting Allow instance-wide disabling of forking 2024-02-25 12:00:17 +01:00
sitemap
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage [CI] Forgejo Actions based CI for PR & branches 2024-02-05 13:33:59 +01:00
structs Allow instance-wide disabling of forking 2024-02-25 12:00:17 +01:00
svg
sync
system Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
templates Refactor more code in templates (#29236) 2024-02-19 22:58:32 +01:00
test [TESTS] add log.Level to test.NewLogChecker 2024-02-05 16:54:44 +01:00
testlogger
timeutil Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
translation Improve TrHTML and add more tests (#29228) 2024-02-19 22:58:33 +01:00
turnstile
typesniffer
updatechecker [PRIVACY] Add a DNS method to fetch new updates 2024-02-05 15:38:36 +01:00
upload
uri
user
util Port "Use general token signing secret" 2024-02-19 20:49:37 +01:00
validation [GITEA] add option for banning dots in usernames 2024-02-05 16:05:50 +01:00
web Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
webhook [ACTIONS] on.schedule: the event is always "schedule" 2024-02-05 16:54:44 +01:00