git查看某个文件的提交记录
2020-4-17 00:0:0 Author: www.giantbranch.cn(查看原文) 阅读量:20 收藏

发表于 |

有时候分析漏洞我们需要看看怎么修复的,什么时候谁修复的,提交的id是多少,下面的命令就很有用

假如我们知道漏洞出现在某个文件,我们只要执行下面命令,即可看到这个文件的修改记录

1
git log -p 文件名

比如下面的例子

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
$ git log -p slirp/tcp_subr.c
commit 345fab6ffe57b0bf6dccbc0844f45f77b91d9de0
Author: Prasad J Pandit <[email protected]>
Date:   Sun Jan 13 23:29:48 2019 +0530

    slirp: check data length while emulating ident function

    While emulating identification protocol, tcp_emu() does not check
    available space in the 'sc_rcv->sb_data' buffer. It could lead to
    heap buffer overflow issue. Add check to avoid it.

    Reported-by: Kira <[email protected]>
    Signed-off-by: Prasad J Pandit <[email protected]>
    Signed-off-by: Samuel Thibault <[email protected]>
    (cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
    *CVE-2019-6778
    Signed-off-by: Michael Roth <[email protected]>

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 473c8b0..aa88de8 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -640,6 +640,11 @@ tcp_emu(struct socket *so, struct mbuf *m)
                        socklen_t addrlen = sizeof(struct sockaddr_in);
                        struct sbuf *so_rcv = &so->so_rcv;

+                       if (m->m_len > so_rcv->sb_datalen
+                                       - (so_rcv->sb_wptr - so_rcv->sb_data)) {
+                           return 1;
+                       }
+
                        memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
                        so_rcv->sb_wptr += m->m_len;
                        so_rcv->sb_rptr += m->m_len;
......
......
......

看到了这个commit id,你可以用git show id去查看,不过跟上面的结果看到的是一样的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
$ git show 345fab6ffe57b0bf6dccbc0844f45f77b91d9de0
commit 345fab6ffe57b0bf6dccbc0844f45f77b91d9de0
Author: Prasad J Pandit <[email protected]>
Date:   Sun Jan 13 23:29:48 2019 +0530

    slirp: check data length while emulating ident function

    While emulating identification protocol, tcp_emu() does not check
    available space in the 'sc_rcv->sb_data' buffer. It could lead to
    heap buffer overflow issue. Add check to avoid it.

    Reported-by: Kira <[email protected]>
    Signed-off-by: Prasad J Pandit <[email protected]>
    Signed-off-by: Samuel Thibault <[email protected]>
    (cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
    *CVE-2019-6778
    Signed-off-by: Michael Roth <[email protected]>

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 473c8b0..aa88de8 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -640,6 +640,11 @@ tcp_emu(struct socket *so, struct mbuf *m)
                        socklen_t addrlen = sizeof(struct sockaddr_in);
                        struct sbuf *so_rcv = &so->so_rcv;

+                       if (m->m_len > so_rcv->sb_datalen
+                                       - (so_rcv->sb_wptr - so_rcv->sb_data)) {
+                           return 1;
+                       }
+
                        memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
                        so_rcv->sb_wptr += m->m_len;
                        so_rcv->sb_rptr += m->m_len;
(END)

github上直接搜索这个commit id就可以了

更进一步,假如你想看看这个文件每一行最新是谁修改的,使用git blame 文件名

例子如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
git blame  slirp/tcp_subr.c
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   1) /*
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   2)  * Copyright (c) 1982, 1986, 1988, 1990, 1993
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   3)  * The Regents of the University of California.  All rights reserved.
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   4)  *
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   5)  * Redistribution and use in source and binary forms, with or without
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   6)  * modification, are permitted provided that the following conditions
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   7)  * are met:
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   8)  * 1. Redistributions of source code must retain the above copyright
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000   9)  *    notice, this list of conditions and the following disclaimer.
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  10)  * 2. Redistributions in binary form must reproduce the above copyright
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  11)  *    notice, this list of conditions and the following disclaimer in the
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  12)  *    documentation and/or other materials provided with the distribution.
2f5f89963 (Anthony Liguori    2009-01-26 19:37:41 +0000  13)  * 3. Neither the name of the University nor the names of its contributors
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  14)  *    may be used to endorse or promote products derived from this software
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  15)  *    without specific prior written permission.
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  16)  *
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  17)  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  18)  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,THE
f0cbd3ec9 (Fabrice Bellard    2004-04-22 00:10:48 +0000  19)  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
......
......
......

假如你看不到评论,可能是你访问Disqus被墙了,请使用代理访问


文章来源: https://www.giantbranch.cn/2020/04/17/git%E6%9F%A5%E7%9C%8B%E6%9F%90%E4%B8%AA%E6%96%87%E4%BB%B6%E7%9A%84%E6%8F%90%E4%BA%A4%E8%AE%B0%E5%BD%95/
如有侵权请联系:admin#unsafe.sh