From b1f17f168b91d709c0c0e62608de301a36f06da9 Mon Sep 17 00:00:00 2001 From: John Keeping Date: Mon, 1 Apr 2013 19:03:34 +0100 Subject: Fix out-of-bounds memory accesses with virtual_root="" The CGit configuration variable virtual_root is normalized so that it does not have a trailing '/' character, but it is allowed to be empty (the empty string and NULL have different meanings here) and there is code that is insufficiently cautious when checking if it ends in a '/': if (virtual_root[strlen(virtual_root) - 1] != '/') Clearly this check is redundant, but rather than simply removing it we get a slight efficiency improvement by switching the normalization so that the virtual_root variable always ends in '/'. Do this with a new "ensure_end" helper. Signed-off-by: John Keeping --- cgit.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'cgit.c') diff --git a/cgit.c b/cgit.c index ca3034c..6f75db1 100644 --- a/cgit.c +++ b/cgit.c @@ -155,9 +155,7 @@ static void config_cb(const char *name, const char *value) else if (!strcmp(name, "strict-export")) ctx.cfg.strict_export = xstrdup(value); else if (!strcmp(name, "virtual-root")) { - ctx.cfg.virtual_root = trim_end(value, '/'); - if (!ctx.cfg.virtual_root && (!strcmp(value, "/"))) - ctx.cfg.virtual_root = ""; + ctx.cfg.virtual_root = ensure_end(value, '/'); } else if (!strcmp(name, "nocache")) ctx.cfg.nocache = atoi(value); else if (!strcmp(name, "noplainemail")) @@ -833,11 +831,8 @@ int main(int argc, const char **argv) * that virtual-root equals SCRIPT_NAME, minus any possibly * trailing slashes. */ - if (!ctx.cfg.virtual_root && ctx.cfg.script_name) { - ctx.cfg.virtual_root = trim_end(ctx.cfg.script_name, '/'); - if (!ctx.cfg.virtual_root) - ctx.cfg.virtual_root = ""; - } + if (!ctx.cfg.virtual_root && ctx.cfg.script_name) + ctx.cfg.virtual_root = ensure_end(ctx.cfg.script_name, '/'); /* If no url parameter is specified on the querystring, lets * use PATH_INFO as url. This allows cgit to work with virtual -- cgit 1.4.1 howmsg=1&follow=1'>root/bin/1sh/eval.h (unfollow)
Commit message (Collapse)Author
2020-03-19Add The Ten Thousand Doors of JanuaryJune McEnroe
Uh oh, the library is closed.
2020-03-09Add HISTFILE history savingJune McEnroe
2020-03-09Source .editrc before applying -v or -eJune McEnroe
Otherwise a bind -v in .editrc will take precedence and overwrite the ^I binding for sh-complete.
2020-03-09Add \? exit status prompt expansionJune McEnroe
2020-03-09Shorten $HOME to ~ in prompt expansionJune McEnroe
2020-03-09Add PS0 pre-prompt stringJune McEnroe
2020-03-09Add RPS1 and RPS2 right promptsJune McEnroe
2020-03-09Fix copyright and rcsidJune McEnroe
2020-03-09Replace strchrnul with strchrJune McEnroe
2020-03-09Replace eaccess with faccessatJune McEnroe
2020-03-09Replace st_mtim with st_mtimespecJune McEnroe
2020-03-09Replace sys_nsig with NSIGJune McEnroe
2020-03-09Replace 1sh MakefileJune McEnroe
2020-03-09Rename manual pages to 1shJune McEnroe
2020-03-09Move bltin out of subdirectoryJune McEnroe
2020-03-09Import /usr/src/usr.bin/printf from FreeBSD 12.1-RELEASEJune McEnroe
2020-03-09Import /usr/src/bin/test from FreeBSD 12.1-RELEASEJune McEnroe
2020-03-09Import /usr/src/bin/kill from FreeBSD 12.1-RELEASEJune McEnroe
2020-03-09Remove extraneous files from sh sourcesJune McEnroe
2020-03-09Import /usr/src/bin/sh from FreeBSD 12.1-RELEASEJune McEnroe
2020-03-09Remove 1sh sourcesJune McEnroe
I'm going to recreate it from fresh sh sources for clean git history.
2020-03-08Add The Stone SkyJune McEnroe
2020-03-08Publish "How I Relay Chat"June McEnroe
2020-03-03Don't use $ inside $(())June McEnroe
2020-03-03Remove setoptJune McEnroe
2020-03-03Use getopts in shell scriptsJune McEnroe
WTF why did no one tell me about this?
2020-02-27Style %T outside of Rs in italicJune McEnroe
2020-02-26Add Fierce Femmes and Notorious LiarsJune McEnroe
2020-02-23Add This Is How You Lose the Time WarJune McEnroe
2020-02-22Add See Ya LaterJune McEnroe
2020-02-20Remove wiki scriptJune McEnroe
Wikipedia seems to have removed the one-sentence extracts from the opensearch results. Too bad. It's not a wiki script, what we need is a command that fetches single-sentence summaries of articles on Wikipedia.
2020-02-19Add The Obelisk GateJune McEnroe
2020-02-17Add Four Tet — HandsJune McEnroe
One from the cafe that caught my attention.
2020-02-12Simplify macOS notify-sendJune McEnroe
2020-02-12Add imbox and notemap to pageJune McEnroe
2020-02-12Collapse simple linksJune McEnroe
2020-02-12Move catgirl up the pageJune McEnroe
2020-02-12Update catgirl pty grabJune McEnroe
2020-02-12Link to cgit /about pages where appropriateJune McEnroe
2020-02-11Separate LINKS from BINS for html to workJune McEnroe
2020-02-11Add margin to Bl-bullet itemsJune McEnroe
2020-02-10Match URLs inside parens or with paired parens insideJune McEnroe
2020-02-10Duplicate effective URL before passing it back to curlJune McEnroe
Apparently sometimes it didn't like receiving its own internal storage to parse again. Understandable.
2020-02-09Add To Be Taught, If FortunateJune McEnroe
2020-02-04Add The Future of Another TimelineJune McEnroe
Wow. One of the best I've read.
2020-01-31Reorganize the Makefile for the umpteenth timeJune McEnroe
Broke out LDLIBS for each bin, and made everything more uniform.
2020-01-28Change scout sensitivity to 1.4June McEnroe
idk it seems to work.
2020-01-28Import shows.txtJune McEnroe