From 2269669fb11224da272aebe2f02393388c62a0fd Mon Sep 17 00:00:00 2001
From: David Pursehouse
Date: Tue, 18 Dec 2018 15:44:44 +0900
Subject: [PATCH 1/2] TransferConfig: Make constructors public

UploadPack has a setTransferConfig method which allows to set the transfer config, however since the constructors of TransferConfig have the default package visibility it is not possible for any application using UploadPack, for example Gerrit, to actually set a transfer config. Make the constructors public. This is consistent with the public constructors for example on PackConfig.

Change-Id: I07080255838421871403b2b2bcc294aa8f621c57
Signed-off-by: David Pursehouse
---
 .../jgit/transport/TransferConfig.java | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java
index 6b8d5c598..59740c4dc 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/TransferConfig.java
@@ -133,12 +133,31 @@ enum ProtocolVersion {
 final @Nullable ProtocolVersion protocolVersion;
 final String[] hideRefs;
 
- TransferConfig(Repository db) {
+ /**
+ * Create a configuration honoring the repository's settings.
+ *
+ * @param db
+ * the repository to read settings from. The repository is not
+ * retained by the new configuration, instead its settings are
+ * copied during the constructor.
+ * @since 5.1.4
+ */
+ public TransferConfig(Repository db) {
 this(db.getConfig());
 }
 
+ /**
+ * Create a configuration honoring settings in a
+ * {@link org.eclipse.jgit.lib.Config}.
+ *
+ * @param rc
+ * the source to read settings from. The source is not retained
+ * by the new configuration, instead its settings are copied
+ * during the constructor.
+ * @since 5.1.4
+ */
 @SuppressWarnings("nls")
- TransferConfig(Config rc) {
+ public TransferConfig(Config rc) {
 boolean fsck = rc.getBoolean("transfer", "fsckobjects", false);
 fetchFsck = rc.getBoolean("fetch", "fsckobjects", fsck);
 receiveFsck = rc.getBoolean("receive", "fsckobjects", fsck);
From f4fc6404baac5a6a5db34f71e62fb62fd8f1b8ef Mon Sep 17 00:00:00 2001
From: David Pursehouse
Date: Tue, 18 Dec 2018 19:53:26 +0900
Subject: [PATCH 2/2] BasePackConnection: Check for expected length of ref advertisement

When a server sends a ref advertisement using protocol v2 it contains lines other than ref names and sha1s. Attempting to get the sha1 out of such a line using the substring method can result in a SIOOB error when it doesn't actually contain the sha1 and ref name. Add a check that the line is of the expected length, and subsequently that the extracted object id is valid, and if not throw an exception.

Change-Id: Id92fe66ff8b6deb2cf987d81929f8d0602c399f4
Signed-off-by: David Pursehouse
---
 .../eclipse/jgit/internal/JGitText.properties | 1 +
 .../src/org/eclipse/jgit/internal/JGitText.java | 1 +
 .../jgit/transport/BasePackConnection.java | 16 +++++++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
index 3f1d21289..b0c952cd4 100644
--- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
+++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties
@@ -390,6 +390,7 @@ invalidPathPeriodAtEndWindows=Invalid path (period at end is ignored by Windows)
 invalidPathSpaceAtEndWindows=Invalid path (space at end is ignored by Windows): {0}
 invalidPathReservedOnWindows=Invalid path (''{0}'' is reserved on Windows): {1}
 invalidRedirectLocation=Invalid redirect location {0} -> {1}
+invalidRefAdvertisementLine=Invalid ref advertisement line: ''{1}''
 invalidReflogRevision=Invalid reflog revision: {0}
 invalidRefName=Invalid ref name: {0}
 invalidReftableBlock=Invalid reftable block
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
index c11ae5a52..6e99ca739 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java
@@ -451,6 +451,7 @@ public static JGitText get() {
 /***/ public String invalidPathSpaceAtEndWindows;
 /***/ public String invalidPathReservedOnWindows;
 /***/ public String invalidRedirectLocation;
+ /***/ public String invalidRefAdvertisementLine;
 /***/ public String invalidReflogRevision;
 /***/ public String invalidRefName;
 /***/ public String invalidReftableBlock;
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
index 38eae1cd4..fcf78ac7b 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/BasePackConnection.java
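Review bot: The new `invalidRefAdvertisementLine` pattern in JGitText.properties refers to argument `{1}`, but the only visible caller, the `invalidRefAdvertisementLine(String line)` helper added in BasePackConnection.java, passes a single argument to `MessageFormat.format`. With one argument the placeholder is left unresolved, so the exception would not show the rejected line, which is the detail needed to diagnose a misbehaving or hostile remote. The entry should read `invalidRefAdvertisementLine=Invalid ref advertisement line: ''{0}''`.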
@@ -57,6 +57,7 @@
 import java.util.LinkedHashMap;
 import java.util.Set;
 
+import org.eclipse.jgit.errors.InvalidObjectIdException;
 import org.eclipse.jgit.errors.NoRemoteRepositoryException;
 import org.eclipse.jgit.errors.PackProtocolException;
 import org.eclipse.jgit.errors.RemoteRepositoryException;
@@ -222,6 +223,10 @@ private void readAdvertisedRefsImpl() throws IOException {
 }
 }
 
+ // Expecting to get a line in the form "sha1 refname"
+ if (line.length() < 41 || line.charAt(40) != ' ') {
+ throw invalidRefAdvertisementLine(line);
+ }
 String name = line.substring(41, line.length());
 if (avail.isEmpty() && name.equals("capabilities^{}")) { //$NON-NLS-1$
 // special line from git-receive-pack to show
@@ -229,7 +234,12 @@ private void readAdvertisedRefsImpl() throws IOException {
 continue;
 }
 
- final ObjectId id = ObjectId.fromString(line.substring(0, 40));
+ final ObjectId id;
+ try {
+ id = ObjectId.fromString(line.substring(0, 40));
+ } catch (InvalidObjectIdException e) {
+ throw invalidRefAdvertisementLine(line);
+ }
 if (name.equals(".have")) { //$NON-NLS-1$
 additionalHaves.add(id);
 } else if (name.endsWith("^{}")) { //$NON-NLS-1$
@@ -318,6 +328,10 @@ private PackProtocolException duplicateAdvertisement(String name) {
 return new PackProtocolException(uri, MessageFormat.format(JGitText.get().duplicateAdvertisementsOf, name));
 }
 
+ private PackProtocolException invalidRefAdvertisementLine(String line) {
+ return new PackProtocolException(uri, MessageFormat.format(JGitText.get().invalidRefAdvertisementLine, line));
+ }
+
 /** {@inheritDoc} */
 @Override
 public void close() {
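Review bot: A line of exactly 41 characters, an object id followed by a space and nothing else, passes the new length check in readAdvertisedRefsImpl, and `line.substring(41, line.length())` then yields an empty ref name. How `name` is handled afterwards lies partly outside this hunk, so this is hedged, but if an empty name is never a valid advertisement the guard could be `if (line.length() <= 41 || line.charAt(40) != ' ') {`. The literals 40 and 41 would also read better as a named constant for the hex object-id length, so the check and both `substring` calls cannot drift apart.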
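Review bot: The `catch (InvalidObjectIdException e)` block added in readAdvertisedRefsImpl throws the new PackProtocolException without chaining `e`, so the stack trace no longer shows that the failure came from object-id parsing rather than from the length check a few lines earlier. Assuming the constructor used by the helper leaves the cause unset, the throw could be `throw (PackProtocolException) invalidRefAdvertisementLine(line).initCause(e);`; alternatively the helper could take the cause as a second parameter. The method body starts and ends outside this hunk.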
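Review bot: `invalidRefAdvertisementLine` hands the server-supplied `line` to `MessageFormat.format` unmodified, so wherever the pattern references that argument the remote's text lands in the exception message and, presumably, in logs or on a terminal. Nothing visible here bounds its length or removes control characters, and the value is by definition one that already failed validation. I would add a comment on the helper such as `// line is remote-controlled: bound its length and escape control characters before formatting` and apply that sanitising to the argument before it is formatted.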