Issue 3557: Invalid ref name is accepted by Gerrit and breaks the repository access
Status:  Submitted
Owner: ----
Closed:  Sep 14
Project Member Reported by bassem.rabil, Sep 9, 2015
*****************************************************************
*****                                                       *****
***** !!!! THIS BUG TRACKER IS FOR GERRIT CODE REVIEW !!!!  *****
*****                                                       *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, CYANOGENMOD,  *****
***** INTERNAL ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.*****
*****                                                       *****
*****   THOSE ISSUES BELONG IN DIFFERENT ISSUE TRACKERS     *****
*****                                                       *****
*****************************************************************

Affected Version:
2.11.3

What steps will reproduce the problem?
1. Using web UI, edit project configuration adding permissions to a ref called "^refs/heads/tmp/sdk/[0-9]{3,3}_R[1-9][A-Z][0-9]{3,3}*"
2. Save and submit this permissions change, Gerrit will accept such invalid pattern for the ref.


What is the expected output? What do you see instead?
- Instead of rejecting such an invalid pattern for a ref name, Gerrit accepts it, and the access to this repository is blocked because of issues parsing this invalid ref name.


Please provide any additional information below.
- When trying to clone the repository, you get:
$ git clone ssh://localhost:29418/<project-name>
Cloning into 'project-name'...
fatal: Dangling meta character '*' near index 52
^refs/heads/tmp/sdk/[0-9]{3,3}_R[1-9][A-Z][0-9]{3,3}*
^
fatal: Could not read from remote repository.

And in the error_log:
[2015-08-27 04:26:14,028] ERROR com.google.gerrit.server.index.ReindexAfterUpdate : Failed to reindex changes after Event[<project-name>,refs/meta/config: <SHA-1> -> <SHA-1>]
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 52
^refs/heads/tmp/sdk/[0-9]{3,3}_R[1-9][A-Z][0-9]{3,3}*
^
at java.util.regex.Pattern.error(Pattern.java:1924)
at java.util.regex.Pattern.sequence(Pattern.java:2090)
at java.util.regex.Pattern.expr(Pattern.java:1964)
at java.util.regex.Pattern.compile(Pattern.java:1665)
at java.util.regex.Pattern.<init>(Pattern.java:1337)
at java.util.regex.Pattern.compile(Pattern.java:1022)
at com.google.gerrit.server.project.RefPatternMatcher$Regexp.<init>(RefPatternMatcher.java:71)

- When trying ls-projects on the Gerrit instance with a project with such an issue, the ls-projects aborts whenever this project is encountered, i.e.
$ ssh -p 29418 localhost gerrit ls-projects | grep <project-name>
fatal: internal server error


Sep 10, 2015
Project Member #2 bassem.rabil
A fix is submitted at: https://gerrit-review.googlesource.com/#/c/70785/
Status: ChangeUnderReview
Sep 14, 2015
Project Member #3 david.pu...@sonymobile.com
(No comment was entered for this change.)
Status: Submitted
Labels: FixedIn-2.11.4
Nov 19, 2015
#4 hau...@gmail.com
I have this issue. How to patch the Dangling meta character? Or only solution is to upgrade the old gerrit to latest fixed 2.11.4?
Nov 20, 2015
Project Member #5 bassem.rabil
To fix the invalid permission pattern. You will need to revert back to the latest refs/meta/config of this project before this faulty permissions were pushed. You can do that either by restoring from a backup or you can obtain this from slave instance if you have replication to another remote site. The fix for this issue should prevent receiving such faulty permission pattern.