Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Git Arbitrary Configuration Injection (CVE-2023-29007)

Andre Baptista, posted 8 months ago
  • The authors of this post use git submodules internally. They noticed that long submodule URLs led to crashes on a GitHub repository page. They weren't sure why, so they started fuzzing it. Eventually, they noticed that deinitializing submodules sometimes creates new sections in .git/config. But why?
  • When git rewrites a config file to remove or rename a section, it reads the file in 1024-byte chunks and assumes that each chunk begins at the start of a line. For a line longer than the buffer that assumption fails: the rest of the line comes back as the next chunk. So a value padded to fill the first read and then continued with a [ makes the parser believe it is looking at a new section header when it is really still inside the previous value.
  • Because the submodule URL is attacker-controlled, this lets an attacker smuggle arbitrary configuration, including settings that make git run commands (such as shell commands), into .git/config. They found that the vulnerable path was the one that rewrites the file when a section is removed or renamed, which is what happens when a submodule is deinitialized.
  • The most interesting part to me was how they found the bug. It wasn't a crash in the git client - it was a side effect. Then, after some investigation, they discovered the reason why this was happening. Once you see the bug and the idea, it's straightforward, but it's not an obvious place to look for bugs.
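The buffer-boundary mistake described above, reduced to a small C model. This is an added example, not code from the post or from git itself: the constructed .git/config, the "[injected]" header and the count_sections_* functions are mine, and the hardened variant is one minimal way to avoid the bug (remembering whether the previous read ended a line), not a claim about how git actually fixed it. It shows a "[" that sits 1023 bytes into a url value being counted as a section header by the chunk-per-line logic, and ignored once the reader tracks line boundaries.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed read size, matching the 1024-byte chunks the post describes. */
#define LINE_BUF 1024

/* Prefix of the submodule url line in the constructed sample. */
static const char URL_PREFIX[] = "\turl = https://example.com/";

/* Padding that makes the url line exactly LINE_BUF-1 bytes before the '[',
 * so the first fgets() fills its buffer without reaching a newline. */
size_t fill_pad_len(void) {
    return LINE_BUF - 1 - strlen(URL_PREFIX);
}

/* Constructed sample .git/config (not taken from the post): one real section,
 * then a url value that carries a fake "[injected]" header and a key after a
 * newline. The section/key names are placeholders. Returns a temp file at 0. */
FILE *make_sample_config(size_t pad_len) {
    FILE *fp = tmpfile();
    if (!fp) return NULL;
    fputs("[submodule \"lib\"]\n", fp);
    fputs(URL_PREFIX, fp);
    for (size_t i = 0; i < pad_len; i++) fputc('a', fp);
    fputs("[injected]\n\tkey = value\n", fp);
    rewind(fp);
    return fp;
}

/* Vulnerable pattern: every fgets() result is assumed to begin a line, so the
 * continuation of an over-long line that starts with '[' is taken as a header. */
int count_sections_vulnerable(FILE *fp) {
    char buf[LINE_BUF];
    int sections = 0;
    rewind(fp);
    while (fgets(buf, sizeof buf, fp)) {
        if (buf[0] == '[') sections++;
    }
    return sections;
}

/* Hardened pattern: remember whether the previous chunk ended in '\n'; only a
 * chunk that really begins a line can start a section. */
int count_sections_fixed(FILE *fp) {
    char buf[LINE_BUF];
    int sections = 0;
    int at_line_start = 1;
    rewind(fp);
    while (fgets(buf, sizeof buf, fp)) {
        size_t len = strlen(buf);
        if (at_line_start && buf[0] == '[') sections++;
        at_line_start = (len > 0 && buf[len - 1] == '\n');
    }
    return sections;
}

int main(void) {
    FILE *fp = make_sample_config(fill_pad_len());
    if (!fp) return 1;
    printf("vulnerable parser sees %d section(s), fixed parser sees %d\n",
           count_sections_vulnerable(fp), count_sections_fixed(fp));
    fclose(fp);
    return 0;
}
```

Shorten the padding (for example to 10 bytes) and both parsers agree on one section, which is why an ordinary-length URL never triggered anything; the bug only shows up when a single line is longer than the read buffer.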