diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2026-05-04 19:13:13 +0300 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2026-05-04 19:28:27 +0300 |
| commit | ed05b1054df10a2fbc68000cfdd429daec03a456 (patch) | |
| tree | 21563e3f6537e7db4b26c446edc4d9b1f8cfbccc /scan-tree.c | |
| parent | e7e8cf1801b06a9f7f5092671b0413689a765fe7 (diff) | |
cgit: truncate all config values at the newline
These would be largely invalid anyway (save, I suppose, for Linux file
paths that technically can contain new lines).
The actual problem is that these get printed back out into cached -- and
trusted -- cgitrc files, and if the fields have newlines, the git-config
way of less trusted users configuring repos on a shared system can be
abused to inject newlines, which then can be used to smuggle global
options (including filters, which execute code) into the cached cgitrc.
So now, only ever duplicate up to the newline, when dealing with these
inputs.
Reported-by: Adrian Denkiewicz <adrian@doyensec.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'scan-tree.c')
| -rw-r--r-- | scan-tree.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/scan-tree.c b/scan-tree.c index 867fcf7..c120efe 100644 --- a/scan-tree.c +++ b/scan-tree.c @@ -133,7 +133,7 @@ static void add_repo(const char *base, struct strbuf *path) strip_suffix_mem(repo->url, &urllen, "/"); repo->url[urllen] = '\0'; } - repo->path = xstrdup(path->buf); + repo->path = strdup_first_line(path->buf); while (!repo->owner) { if ((pwd = getpwuid(st.st_uid)) == NULL) { fprintf(stderr, "Error reading owner-info for %s: %s (%d)\n", @@ -143,13 +143,13 @@ static void add_repo(const char *base, struct strbuf *path) if (pwd->pw_gecos) if ((p = strchr(pwd->pw_gecos, ','))) *p = '\0'; - repo->owner = xstrdup(pwd->pw_gecos ? pwd->pw_gecos : pwd->pw_name); + repo->owner = strdup_first_line(pwd->pw_gecos ? pwd->pw_gecos : pwd->pw_name); } if (repo->desc == cgit_default_repo_desc || !repo->desc) { strbuf_addstr(path, "description"); if (!stat(path->buf, &st)) - readfile(path->buf, &repo->desc, &size); + read_first_line(path->buf, &repo->desc, &size); strbuf_setlen(path, pathlen); } @@ -166,7 +166,7 @@ static void add_repo(const char *base, struct strbuf *path) } if (slash && !n) { *slash = '\0'; - repo->section = xstrdup(rel.buf); + repo->section = strdup_first_line(rel.buf); *slash = '/'; if (starts_with(repo->name, repo->section)) { repo->name += strlen(repo->section); |