Corrupt repository results in Denial of Service
Created by: PAStheLoD
Hello!
A repository we're hosting somehow ended up with a corrupt master branch file in refs/, which trips up GitLab.
root@git:/home/git/repositories/pas/someproject.git/refs/heads# cat master
%�@���%�������������������������%
The result of gitlab:check:
root@git:/home/git/gitlab# sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
Checking Environment ...
Git configured for git user? ... yes
Has python2? ... yes
python2 is supported version? ... yes
Checking Environment ... Finished
Checking GitLab Shell ...
GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
update hook up-to-date? ... yes
update hooks in repos are links: ...
namespace / repo ...
namespace / repo ...
namespace / repo ...
namespace / repo ...
namespace / repo ...
[...]
invalid byte sequence in UTF-8
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/gitlab-grit-2.6.3/lib/grit/ref.rb:25:in `split'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/gitlab-grit-2.6.3/lib/grit/ref.rb:25:in `find_all'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/gitlab-grit-2.6.3/lib/grit/repo.rb:212:in `heads'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/gitlab_git-4.0.0/lib/gitlab_git/repository.rb:46:in `branches'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/gitlab_git-4.0.0/lib/gitlab_git/repository.rb:41:in `branch_names'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/gitlab_git-4.0.0/lib/gitlab_git/repository.rb:84:in `discover_default_branch'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/gitlab_git-4.0.0/lib/gitlab_git/repository.rb:29:in `initialize'
/home/git/gitlab/app/models/repository.rb:8:in `new'
/home/git/gitlab/app/models/repository.rb:8:in `initialize'
/home/git/gitlab/app/models/project.rb:177:in `new'
/home/git/gitlab/app/models/project.rb:177:in `repository'
/home/git/gitlab/app/models/project.rb:366:in `empty_repo?'
/home/git/gitlab/lib/tasks/gitlab/check.rake:529:in `block in check_repos_update_hooks_is_link'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/relation/batches.rb:26:in `block (2 levels) in find_each'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/relation/batches.rb:26:in `each'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/relation/batches.rb:26:in `block in find_each'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/relation/batches.rb:75:in `find_in_batches'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/activerecord-deprecated_finders-1.0.3/lib/active_record/deprecated_finders/relation.rb:70:in `find_in_batches'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/relation/batches.rb:25:in `find_each'
/home/git/gitlab/vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/querying.rb:8:in `find_each'
/home/git/gitlab/lib/tasks/gitlab/check.rake:526:in `check_repos_update_hooks_is_link'
/home/git/gitlab/lib/tasks/gitlab/check.rake:379:in `block (3 levels) in <top (required)>'
Tasks: TOP => gitlab:check => gitlab:gitlab_shell:check
(See full trace by running task with --trace)
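An added example, not part of the original report and not GitLab's or grit's code: a Ruby scan that finds loose ref files like the corrupt `master` above before an application tries to parse them. The function names and the sample bytes are constructed for illustration, and only loose files under `refs/` are checked (`packed-refs` is not).

```ruby
require 'find'
require 'tmpdir'
require 'fileutils'

# Returns nil for a well-formed loose ref, otherwise a short reason string.
def ref_problem(bytes)
  text = bytes.dup.force_encoding(Encoding::UTF_8)
  return 'invalid UTF-8' unless text.valid_encoding?
  # A loose ref holds a 40-hex object id or a symbolic "ref: refs/..." line.
  return nil if text.match?(/\A(?:\h{40}|ref: refs\/\S+)\n?\z/)
  'not an object id or symbolic ref'
end

# Walks <repo>/refs and maps each bad ref (path relative to the repo) to its reason.
def scan_refs(repo_dir)
  problems = {}
  refs_root = File.join(repo_dir, 'refs')
  return problems unless File.directory?(refs_root)
  Find.find(refs_root) do |path|
    next unless File.file?(path)
    reason = ref_problem(File.binread(path)) # binread returns raw bytes, no decoding
    problems[path.sub("#{repo_dir}/", '')] = reason if reason
  end
  problems
end

# Constructed sample: a bare-repo skeleton with one good, one binary and one empty ref.
def build_sample_repo(dir)
  heads = File.join(dir, 'refs', 'heads')
  FileUtils.mkdir_p(heads)
  File.binwrite(File.join(heads, 'develop'), ('a1' * 20) + "\n")
  File.binwrite(File.join(heads, 'master'), "%\xFF@\xFE\xFD\xFC%".b) # constructed bytes
  File.binwrite(File.join(heads, 'stale'), '')
  dir
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    scan_refs(build_sample_repo(dir)).each { |ref, why| puts "#{ref}: #{why}" }
  end
end
```

Run against each repository directory, this reports the offending ref path without raising, so a single bad file does not stop the scan of the remaining repositories.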