Issue 3557: Invalid ref name is accepted by Gerrit and breaks the repository access
Status:  Submitted
Owner:  ----
Closed:  Sep 14


Project Member Reported by bassem.rabil, Sep 9, 2015
Affected Version:
2.11.3

What steps will reproduce the problem?
1. Using web UI, edit project configuration adding permissions to a ref called "^refs/heads/tmp/sdk/[0-9]{3,3}_R[1-9][A-Z][0-9]{3,3}*"
2. Save and submit this permissions change; Gerrit will accept such an invalid pattern for the ref.


What is the expected output? What do you see instead?
- Instead of rejecting such an invalid pattern for a ref name, Gerrit accepts it, and the access to this repository is blocked because of issues parsing this invalid ref name.


Please provide any additional information below.
- When trying to clone the repository, you get:
$ git clone ssh://localhost:29418/<project-name>
Cloning into 'project-name'...
fatal: Dangling meta character '*' near index 52
^refs/heads/tmp/sdk/[0-9]{3,3}_R[1-9][A-Z][0-9]{3,3}*
^
fatal: Could not read from remote repository.

And in the error_log:
[2015-08-27 04:26:14,028] ERROR com.google.gerrit.server.index.ReindexAfterUpdate : Failed to reindex changes after Event[<project-name>,refs/meta/config: <SHA-1> -> <SHA-1>]
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 52
^refs/heads/tmp/sdk/[0-9]{3,3}_R[1-9][A-Z][0-9]{3,3}*
^
at java.util.regex.Pattern.error(Pattern.java:1924)
at java.util.regex.Pattern.sequence(Pattern.java:2090)
at java.util.regex.Pattern.expr(Pattern.java:1964)
at java.util.regex.Pattern.compile(Pattern.java:1665)
at java.util.regex.Pattern.<init>(Pattern.java:1337)
at java.util.regex.Pattern.compile(Pattern.java:1022)
at com.google.gerrit.server.project.RefPatternMatcher$Regexp.<init>(RefPatternMatcher.java:71)

- When trying ls-projects on the Gerrit instance with a project with such an issue, the ls-projects aborts whenever this project is encountered, i.e.
$ ssh -p 29418 localhost gerrit ls-projects | grep <project-name>
fatal: internal server error


Sep 10, 2015
Project Member #2 bassem.rabil
A fix is submitted at: https://gerrit-review.googlesource.com/#/c/70785/
Status: ChangeUnderReview
Sep 14, 2015
Project Member #3 david.pu...@sonymobile.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.11.4
Nov 19, 2015
#4 hau...@gmail.com
I have this issue. How do I patch the Dangling meta character? Or is the only solution to upgrade the old Gerrit to the latest fixed 2.11.4?
Nov 20, 2015
Project Member #5 bassem.rabil
To fix the invalid permission pattern, you will need to revert back to the latest refs/meta/config of this project before these faulty permissions were pushed. You can do that either by restoring from a backup, or you can obtain this from a slave instance if you have replication to another remote site. The fix for this issue should prevent receiving such a faulty permission pattern.
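
An added example, not taken from Gerrit or from the submitted change: a stand-alone Java check that compiles every regular-expression ref pattern (those starting with "^") found in a project.config text and reports the ones java.util.regex rejects, which is the kind of validation the last comment says the fix should provide. The class name, method names, group names and sample config are constructed for illustration, and the header parsing assumes section names contain no escaped quotes or backslashes.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Added example, not Gerrit's code; class and method names are hypothetical.
public class RefPatternAudit {
  // Section header such as: [access "refs/heads/*"]. Assumes no escaped quotes or backslashes.
  private static final Pattern ACCESS_HEADER =
      Pattern.compile("^\\s*\\[access\\s+\"(.*)\"\\]\\s*$");

  /** Returns null if the ref pattern is usable, otherwise why it is not. */
  static String check(String refPattern) {
    if (!refPattern.startsWith("^")) {
      return null; // not a regular expression, nothing to compile
    }
    try {
      Pattern.compile(refPattern);
      return null;
    } catch (PatternSyntaxException e) {
      return e.getDescription() + " near index " + e.getIndex();
    }
  }

  /** Lists every access section in project.config text whose regex fails to compile. */
  static List<String> audit(String projectConfig) {
    List<String> findings = new ArrayList<>();
    String[] lines = projectConfig.split("\n");
    for (int i = 0; i < lines.length; i++) {
      Matcher m = ACCESS_HEADER.matcher(lines[i]);
      if (m.matches() && check(m.group(1)) != null) {
        findings.add("line " + (i + 1) + ": " + m.group(1) + " -> " + check(m.group(1)));
      }
    }
    return findings;
  }

  public static void main(String[] args) {
    // Constructed sample; the second section carries the pattern from this report.
    String config = String.join("\n",
        "[access \"refs/heads/*\"]",
        "\tread = group Registered Users",
        "[access \"^refs/heads/tmp/sdk/[0-9]{3,3}_R[1-9][A-Z][0-9]{3,3}*\"]",
        "\tpush = group Developers",
        "[access \"^refs/heads/tmp/.*\"]",
        "\tpush = group Developers");
    audit(config).forEach(System.out::println);
  }
}
```

Running the same check over a checkout of refs/meta/config before pushing it lets an administrator catch a pattern that will not compile while the project is still accessible.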