Skip to content
Permalink
Branch: master
Commits on Apr 2, 2019
  1. Add support for '%F' date format specifier

    mbudde authored and tbm committed Mar 31, 2019
    '%F' is equivalent to '%Y-%m-%d'. Using the '%F' format without this
    change this would not give any hard errors but instead give dates with
    wrong years because the 'has_year' trait would not be correctly
    detected and thus parsed dates would get set to the current year.
    
    Fixes #1775
  2. Remove dead code

    mbudde authored and tbm committed Mar 31, 2019
Commits on Mar 30, 2019
  1. Fix tag value parsing

    mbudde authored and tbm committed Feb 16, 2019
    If a tag is more than 2 characters from the beginning of the comment the
    tag value offset will be wrong. #1702 gives an example where the tag
    line starts with `;;` and the tag value thus becomes `: Bar` because of
    this bug.
    
    The use `index` in the offset calulation seems to be a lucky coincidence
    that works in the common case: "; tag: value"
    
    Fixes #1702
  2. Reject postings with comment after flag

    mbudde authored and tbm committed Feb 23, 2019
    Fixes #1753
Commits on Jan 28, 2019
  1. Fix use-after-free when destroying filter chain

    mbudde committed Jan 28, 2019
    When using the `--gain` option the `temporaries_t` in
    `changed_value_posts` filter stores a reference to the `<Revalued>` temp
    account created in `display_filter_posts`. When destroying the filter
    chain `display_filter_posts` is destroyed before `changed_value_posts`
    and this can result in a use-after-free in `temporaries_t::clear()` when
    `temps` in `changed_value_posts` is cleared during destruction if there
    are any temp posts referencing the `<Revalued>` account.
    
    Fix the issue by clearing the `temporaries_t` in `changed_value_posts`
    before destroying the rest of the filter chain (which includes
    `display_filter_posts`).
    
    Fixes #541
Commits on Jan 26, 2019
  1. Fix possible stack overflow in date parsing routine

    mbudde authored and tbm committed Jan 26, 2019
    It is possible to create a stack overflow by giving a date that is
    longer than the buffer that is used during date parsing because the
    length of the input string is not checked. The `VERIFY` macro is only
    enabled when debug-mode is enabled and the `--verify-memory` argument is
    used.
    
    Prevent the issue by always checking the input string length and
    discarding dates that does not fit in the buffer as invalid.
    
    This issue has been assigned CVE-2017-12482.
    
    Fixes #1224
Commits on Jan 23, 2019
  1. Ignore null deferred postings

    mbudde committed Jan 22, 2019
    All-null transactions (i.e. a transaction where all postings have a null
    amount) are discarded during parsing and the `xact` object is free'd.
    But if the transaction contains a deferred posting this results in a
    use-after-free vulnerability because a reference to the deferred posting
    is stored in the account object which is later read when deferred
    postings are applied after parsing is finished.
    
    Ignore null deferred postings to prevent this – they should not have any
    effect any way.
    
    Thanks to Cory Duplantis for reporting this issue and providing an
    initial analysis.
    
    Ref TALOS-2017-0304, CVE-2017-2808
    Fixes #1723
Commits on Jan 25, 2018
  1. Fix handling of edge cases in trim function

    mbudde committed Jan 25, 2018
    Fixes #520
  2. Add support for --prepend-format in accounts command

    mbudde committed Jan 25, 2018
    Add support for the `--prepend-format` and `--prepend-width` options in
    the `accounts` command.
Commits on Jan 4, 2018
  1. Fix segfault when using --market with --group-by

    mbudde committed Jan 4, 2018
    `changed_value_posts::create_accounts()` reuses the `<Revalued>` account
    from `display_filter`, but when clearing `changed_value_posts`
    `create_accounts()` would be called before the account had been
    recreated by `display_filter_posts`. This results in a segfault when
    using the --group-by option.
    
    I'm not sure if `display_filter_posts` has the same problem but I
    reordered the calls there too for good measure.
Commits on Jan 1, 2018
  1. Initialize field in constructor

    mbudde committed Jan 1, 2018
    Should fix problem with garbage being read from this field causing some
    test failures on my machine.
Commits on Oct 30, 2017
  1. Fix sentence broken by d1928e6

    mbudde committed Oct 30, 2017
You can’t perform that action at this time.