Mercurial > hg

view tests/test-revlog.t @ 29447:13edc11eb7b7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sslutil: don't load default certificates when they aren't relevant Before, we would call SSLContext.load_default_certs() when certificate verification wasn't being used. Since SSLContext.verify_mode == ssl.CERT_NONE, this would ideally no-op. However, there is a slim chance the loading of system certs could cause a failure. Furthermore, this behavior interfered with a future patch that aims to provide a more helpful error message when we're unable to load CAs. The lack of test fallout is hopefully a sign that our security code and tests are in a relatively good state.
author Gregory Szorc <gregory.szorc@gmail.com>
date Wed, 29 Jun 2016 19:38:24 -0700
parents d9179856d732
children 151cc3b3d799
line wrap: on
line source

Test for CVE-2016-3630

  $ hg init

  >>> open("a.i", "w").write(
  ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD
  ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA=="""
  ... .decode("base64").decode("zlib"))

  $ hg debugindex a.i
     rev    offset  length  delta linkrev nodeid       p1           p2
       0         0      19     -1       2 99e0332bd498 000000000000 000000000000
       1        19      12      0       3 6674f57a23d8 99e0332bd498 000000000000
  $ hg debugdata a.i 1 2>&1 | egrep 'Error:.*decoded'
  (mercurial.mpatch.)?mpatchError: patch cannot be decoded (re)