From 2269669fb11224da272aebe2f02393388c62a0fd Mon Sep 17 00:00:00 2001
From: David Pursehouse <david.pursehouse@gmail.com>
Date: Tue, 18 Dec 2018 15:44:44 +0900
Subject: TransferConfig: Make constructors public

UploadPack has a setTransferConfig method which allows to set the
transfer config, however since the constructors of TransferConfig
have the default package visibility it is not possible for any
application using UploadPack, for example Gerrit, to actually set
a transfer config.

Make the constructors public. This is consistent with the public
constructors for example on PackConfig.

Change-Id: I07080255838421871403b2b2bcc294aa8f621c57
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
---
 .../org/eclipse/jgit/transport/TransferConfig.java | 23 ++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java
index 6b8d5c598e..59740c4dc8 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java
@@ -133,12 +133,31 @@ public class TransferConfig {
 	final @Nullable ProtocolVersion protocolVersion;
 	final String[] hideRefs;
 
-	TransferConfig(Repository db) {
+	/**
+	 * Create a configuration honoring the repository's settings.
+	 *
+	 * @param db
+	 *            the repository to read settings from. The repository is not
+	 *            retained by the new configuration, instead its settings are
+	 *            copied during the constructor.
+	 * @since 5.1.4
+	 */
+	public TransferConfig(Repository db) {
 		this(db.getConfig());
 	}
 
+	/**
+	 * Create a configuration honoring settings in a
+	 * {@link org.eclipse.jgit.lib.Config}.
+	 *
+	 * @param rc
+	 *            the source to read settings from. The source is not retained
+	 *            by the new configuration, instead its settings are copied
+	 *            during the constructor.
+	 * @since 5.1.4
+	 */
 	@SuppressWarnings("nls")
-	TransferConfig(Config rc) {
+	public TransferConfig(Config rc) {
 		boolean fsck = rc.getBoolean("transfer", "fsckobjects", false);
 		fetchFsck = rc.getBoolean("fetch", "fsckobjects", fsck);
 		receiveFsck = rc.getBoolean("receive", "fsckobjects", fsck);
-- 
cgit v1.2.3


From f4fc6404baac5a6a5db34f71e62fb62fd8f1b8ef Mon Sep 17 00:00:00 2001
From: David Pursehouse <david.pursehouse@gmail.com>
Date: Tue, 18 Dec 2018 19:53:26 +0900
Subject: BasePackConnection: Check for expected length of ref advertisement

When a server sends a ref advertisement using protocol v2 it contains
lines other than ref names and sha1s.  Attempting to get the sha1 out
of such a line using the substring method can result in a SIOOB error
when it doesn't actually contain the sha1 and ref name.

Add a check that the line is of the expected length, and subsequently
that the extracted object id is valid, and if not throw an exception.

Change-Id: Id92fe66ff8b6deb2cf987d81929f8d0602c399f4
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
---
 .../org/eclipse/jgit/internal/JGitText.properties        |  1 +
 .../src/org/eclipse/jgit/internal/JGitText.java          |  1 +
 .../org/eclipse/jgit/transport/BasePackConnection.java   | 16 +++++++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index 3f1d21289f..b0c952cd4c 100644
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -390,6 +390,7 @@ invalidPathPeriodAtEndWindows=Invalid path (period at end is ignored by Windows)
 invalidPathSpaceAtEndWindows=Invalid path (space at end is ignored by Windows): {0}
 invalidPathReservedOnWindows=Invalid path (''{0}'' is reserved on Windows): {1}
 invalidRedirectLocation=Invalid redirect location {0} -> {1}
+invalidRefAdvertisementLine=Invalid ref advertisement line: ''{1}''
 invalidReflogRevision=Invalid reflog revision: {0}
 invalidRefName=Invalid ref name: {0}
 invalidReftableBlock=Invalid reftable block
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index c11ae5a526..6e99ca739e 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -451,6 +451,7 @@ public class JGitText extends TranslationBundle {
 	/***/ public String invalidPathSpaceAtEndWindows;
 	/***/ public String invalidPathReservedOnWindows;
 	/***/ public String invalidRedirectLocation;
+	/***/ public String invalidRefAdvertisementLine;
 	/***/ public String invalidReflogRevision;
 	/***/ public String invalidRefName;
 	/***/ public String invalidReftableBlock;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
index 38eae1cd48..fcf78ac7b9 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
@@ -57,6 +57,7 @@ import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.Set;
 
+import org.eclipse.jgit.errors.InvalidObjectIdException;
 import org.eclipse.jgit.errors.NoRemoteRepositoryException;
 import org.eclipse.jgit.errors.PackProtocolException;
 import org.eclipse.jgit.errors.RemoteRepositoryException;
@@ -222,6 +223,10 @@ abstract class BasePackConnection extends BaseConnection {
 				}
 			}
 
+			// Expecting to get a line in the form "sha1 refname"
+			if (line.length() < 41 || line.charAt(40) != ' ') {
+				throw invalidRefAdvertisementLine(line);
+			}
 			String name = line.substring(41, line.length());
 			if (avail.isEmpty() && name.equals("capabilities^{}")) { //$NON-NLS-1$
 				// special line from git-receive-pack to show
@@ -229,7 +234,12 @@ abstract class BasePackConnection extends BaseConnection {
 				continue;
 			}
 
-			final ObjectId id = ObjectId.fromString(line.substring(0, 40));
+			final ObjectId id;
+			try {
+				id  = ObjectId.fromString(line.substring(0, 40));
+			} catch (InvalidObjectIdException e) {
+				throw invalidRefAdvertisementLine(line);
+			}
 			if (name.equals(".have")) { //$NON-NLS-1$
 				additionalHaves.add(id);
 			} else if (name.endsWith("^{}")) { //$NON-NLS-1$
@@ -318,6 +328,10 @@ abstract class BasePackConnection extends BaseConnection {
 		return new PackProtocolException(uri, MessageFormat.format(JGitText.get().duplicateAdvertisementsOf, name));
 	}
 
+	private PackProtocolException invalidRefAdvertisementLine(String line) {
+		return new PackProtocolException(uri, MessageFormat.format(JGitText.get().invalidRefAdvertisementLine, line));
+	}
+
 	/** {@inheritDoc} */
 	@Override
 	public void close() {
-- 
cgit v1.2.3