about summary refs log tree commit diff
path: root/tests
diff options
context:
space:
mode:
authorEric Wong <normalperson@yhbt.net>2011-07-21 03:24:54 +0000
committerLars Hjemli <hjemli@gmail.com>2011-07-21 14:21:52 +0000
commit9cae75d040d9102d4b628ba3c828d95d0251f5c0 (patch)
tree90dd85a1ebcb0c8731bb02823b9d3707e873945d /tests
parenttests: fix failures when CDPATH is set (diff)
downloadcgit-pink-9cae75d040d9102d4b628ba3c828d95d0251f5c0.tar.gz
cgit-pink-9cae75d040d9102d4b628ba3c828d95d0251f5c0.zip
html.c: avoid out-of-bounds access for url_escape_table
This fixes a segfault for me with with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5

I can reliably reproduce it with the following parameters
when pointed to the git.git repository:

PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
e()Sebastian Andrzej Siewior sendfile() does the same job and avoids to copy the content into userland and back. One has to define NO_SENDFILE in case the OS (kernel / libc) does not supported. It is disabled by default on non-linux environemnts. According to the glibc, sendfile64() was added in Linux 2.4 (so it has been there for a while) but after browsing over the mapage of FreeBSD's I noticed that the prototype is little different. Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> 2014-01-19README: document pkg-config for luajitJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17makefile: bump versionJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17mailmap: source before lighttpdJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17ui-shared: do not allow negative minutesJason A. Donenfeld Do to timestamp differences, sometimes cgit would should "-0 min", which doesn't make any sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17auth: document tweakables in lua scriptJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17repolist: make owner clickable to searchJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17ui-shared: move about tab all the way to the leftJason A. Donenfeld There were no objections (at the time of committing this): http://lists.zx2c4.com/pipermail/cgit/2013-May/001393.html http://lists.zx2c4.com/pipermail/cgit/2014-January/001904.html Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17filter: don't forget to reap the auth filterJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17cgit.c: free tmp variableJason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-17Switch to exclusively using global ctxLukas Fleischer Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_print_http_headers() * cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16auth: have cgit calculate login addressJason A. Donenfeld This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2014-01-16t0111: Additions and fixesLukas Fleischer * Rename the capitalize-* filters to dump.* since they also dump the arguments. * Add full argument validation to the email filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> 2014-01-16parsing.c: Remove leading space from committerLukas Fleischer