Gitlab::Git::CommandError `13:cannot skip to offset: offset 40 is invalid` should be a client error
Summary
While looking at a mysterious increase in web error rates, we noticed that some requests caused a Gitlab::Git::CommandError with the message `13:cannot skip to offset: offset 40 is invalid: <nil>.` to be reported as HTTP 500. Matching requests can be found here (internal).
In our understanding, since the offset is user-provided, this should be reported as an HTTP 400-class error.
Marked as confidential for now, as I am not sure if this could be an attack vector.
Steps to reproduce
The specific error seems to be caused by sending this payload (json.params in the logs) to the project's endpoint at https://gitlab.com/<namespace>/<project>/-/commits/master.
```json
[
  {
    "key": "limit",
    "value": "40"
  },
  {
    "key": "offset",
    "value": "40"
  },
  {
    "key": "namespace_id",
    "value": "<namespace>"
  },
  {
    "key": "project_id",
    "value": "<project>"
  },
  {
    "key": "id",
    "value": "master"
  }
]
```
Example Project
What is the current bug behavior?
Gitlab::Git::CommandError with the message `13:cannot skip to offset: offset 40 is invalid: <nil>.` is reported as HTTP 500.
What is the expected correct behavior?
Gitlab::Git::CommandError with the message `13:cannot skip to offset: offset 40 is invalid: <nil>.` is reported as HTTP 4XX.
Relevant logs and/or screenshots
Matching requests can be found here (internal).
Output of checks
This bug happens on GitLab.com
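The behaviour requested above, sketched as an added example that is not GitLab code: pagination values are validated before the backend call, and the backend's offset error is mapped to a 400 response instead of propagating as a 500. `CommandError` stands in for `Gitlab::Git::CommandError`; `list_commits`, `commits_response`, the 25-commit ref and the condition that triggers the error (an offset past the last commit) are assumptions made for the illustration.

```ruby
# Added example, not GitLab code. CommandError is a stand-in for
# Gitlab::Git::CommandError; all other names and values are constructed.
class CommandError < StandardError; end

# Message shape taken from the report: "<code>:cannot skip to offset: ..."
OFFSET_ERROR = /\A\d+:cannot skip to offset: offset \d+ is invalid/

# Parse a user-supplied pagination value. Returns the default when the
# parameter is absent and nil when it is present but not a small
# non-negative integer (the caller turns nil into a 400).
def parse_non_negative(raw, default)
  return default if raw.nil? || raw == ''
  return nil unless raw.is_a?(String) && raw.match?(/\A\d{1,9}\z/)

  raw.to_i
end

# Constructed backend: a ref with 25 commits that fails the way the report
# describes once the offset is past the last commit (assumed trigger).
def list_commits(limit:, offset:, total: 25)
  if offset > total
    raise CommandError, "13:cannot skip to offset: offset #{offset} is invalid: <nil>"
  end

  (offset...[offset + limit, total].min).to_a
end

# Returns [http_status, body] for a commits listing request.
def commits_response(params)
  limit = parse_non_negative(params['limit'], 40)
  offset = parse_non_negative(params['offset'], 0)
  return [400, 'invalid limit or offset'] if limit.nil? || offset.nil?

  [200, list_commits(limit: limit, offset: offset)]
rescue CommandError => e
  # The numeric prefix (13) does not say whether the caller is at fault, so
  # the known offset message is matched explicitly. Anything else stays a
  # server error, and the raw backend text is never echoed to the client.
  raise unless e.message.match?(OFFSET_ERROR)

  [400, 'offset is past the end of the commit list']
end
```

Matching on message text is brittle; if the backend can return a distinct status for bad pagination input, classifying on that status is the sturdier choice.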