git查看某个文件的提交记录

有时候分析漏洞我们需要看看怎么修复的,什么时候谁修复的,提交的id是多少,下面的命令就很有用

假如我们知道漏洞出现在某个文件,我们只要执行下面命令,即可看到这个文件的修改记录

1
git log -p 文件名

比如下面的例子

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
$ git log -p slirp/tcp_subr.c
commit 345fab6ffe57b0bf6dccbc0844f45f77b91d9de0
Author: Prasad J Pandit <[email protected]>
Date: Sun Jan 13 23:29:48 2019 +0530

slirp: check data length while emulating ident function

While emulating identification protocol, tcp_emu() does not check
available space in the 'sc_rcv->sb_data' buffer. It could lead to
heap buffer overflow issue. Add check to avoid it.

Reported-by: Kira <[email protected]>
Signed-off-by: Prasad J Pandit <[email protected]>
Signed-off-by: Samuel Thibault <[email protected]>
(cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
*CVE-2019-6778
Signed-off-by: Michael Roth <[email protected]>

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 473c8b0..aa88de8 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -640,6 +640,11 @@ tcp_emu(struct socket *so, struct mbuf *m)
socklen_t addrlen = sizeof(struct sockaddr_in);
struct sbuf *so_rcv = &so->so_rcv;

+ if (m->m_len > so_rcv->sb_datalen
+ - (so_rcv->sb_wptr - so_rcv->sb_data)) {
+ return 1;
+ }
+
memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
so_rcv->sb_wptr += m->m_len;
so_rcv->sb_rptr += m->m_len;
......
......
......

看到了这个commit id,你可以用git show id去查看,不过跟上面的结果看到的是一样的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
$ git show 345fab6ffe57b0bf6dccbc0844f45f77b91d9de0
commit 345fab6ffe57b0bf6dccbc0844f45f77b91d9de0
Author: Prasad J Pandit <[email protected]>
Date: Sun Jan 13 23:29:48 2019 +0530

slirp: check data length while emulating ident function

While emulating identification protocol, tcp_emu() does not check
available space in the 'sc_rcv->sb_data' buffer. It could lead to
heap buffer overflow issue. Add check to avoid it.

Reported-by: Kira <[email protected]>
Signed-off-by: Prasad J Pandit <[email protected]>
Signed-off-by: Samuel Thibault <[email protected]>
(cherry picked from commit a7104eda7dab99d0cdbd3595c211864cba415905)
*CVE-2019-6778
Signed-off-by: Michael Roth <[email protected]>

diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 473c8b0..aa88de8 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -640,6 +640,11 @@ tcp_emu(struct socket *so, struct mbuf *m)
socklen_t addrlen = sizeof(struct sockaddr_in);
struct sbuf *so_rcv = &so->so_rcv;

+ if (m->m_len > so_rcv->sb_datalen
+ - (so_rcv->sb_wptr - so_rcv->sb_data)) {
+ return 1;
+ }
+
memcpy(so_rcv->sb_wptr, m->m_data, m->m_len);
so_rcv->sb_wptr += m->m_len;
so_rcv->sb_rptr += m->m_len;
(END)

github上直接搜索这个commit id就可以了

题外话

更进一步,假如你想看看这个文件每一行最新是谁修改的,使用git blame 文件名

例子如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
git blame  slirp/tcp_subr.c
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 1) /*
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 2) * Copyright (c) 1982, 1986, 1988, 1990, 1993
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 3) * The Regents of the University of California. All rights reserved.
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 4) *
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 5) * Redistribution and use in source and binary forms, with or without
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 6) * modification, are permitted provided that the following conditions
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 7) * are met:
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 8) * 1. Redistributions of source code must retain the above copyright
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 9) * notice, this list of conditions and the following disclaimer.
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 10) * 2. Redistributions in binary form must reproduce the above copyright
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 11) * notice, this list of conditions and the following disclaimer in the
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 12) * documentation and/or other materials provided with the distribution.
2f5f89963 (Anthony Liguori 2009-01-26 19:37:41 +0000 13) * 3. Neither the name of the University nor the names of its contributors
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 14) * may be used to endorse or promote products derived from this software
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 15) * without specific prior written permission.
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 16) *
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 17) * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 18) * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,THE
f0cbd3ec9 (Fabrice Bellard 2004-04-22 00:10:48 +0000 19) * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
......
......
......
自愿打赏专区