author | Lars Hjemli <hjemli@gmail.com> | 2009-01-11 20:23:04 (UTC) |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2009-01-11 20:23:04 (UTC) |
commit | eb14609dc46461728a065c0a243b338fc32fd762 (patch) (unidiff) | |
tree | f00563342db8859f46ac8141fdaa5d4e17eb940e | |
parent | 720b6ece90900df9f836a45d8e7f1cd56f62400a (diff) | |
download | cgit-eb14609dc46461728a065c0a243b338fc32fd762.zip cgit-eb14609dc46461728a065c0a243b338fc32fd762.tar.gz cgit-eb14609dc46461728a065c0a243b338fc32fd762.tar.bz2 |
Avoid SEGFAULT on invalid requests
When an unknown page is requested, either on the querystring or via
PATH_INFO, we end up with a null-referencing cgit_cmd. This null-
pointer is then used as argument to the hc() function (which decides
what tab to render as 'active'), but this function failed to check if a
valid cmd was specified and a SEGFAULT would occur. This patch fixes the
issue by introducing a 'fallback-cmd' which specifies what tab to render
as 'active' when no valid cmd is requested.
While at it, we now also keep track of the active repository even if an
invalid cmd was requested since we want to show the error message about
the invalid request in the correct context.
Noticed-by: Robin Redeker <elmex@ta-sa.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r-- | cgit.c | 1 | ||||
-rw-r--r-- | ui-shared.c | 7 |
2 files changed, 6 insertions, 2 deletions
@@ -280,25 +280,24 @@ static int prepare_repo_cmd(struct cgit_context *ctx) | |||
280 | } | 280 | } |
281 | return 0; | 281 | return 0; |
282 | } | 282 | } |
283 | 283 | ||
284 | static void process_request(void *cbdata) | 284 | static void process_request(void *cbdata) |
285 | { | 285 | { |
286 | struct cgit_context *ctx = cbdata; | 286 | struct cgit_context *ctx = cbdata; |
287 | struct cgit_cmd *cmd; | 287 | struct cgit_cmd *cmd; |
288 | 288 | ||
289 | cmd = cgit_get_cmd(ctx); | 289 | cmd = cgit_get_cmd(ctx); |
290 | if (!cmd) { | 290 | if (!cmd) { |
291 | ctx->page.title = "cgit error"; | 291 | ctx->page.title = "cgit error"; |
292 | ctx->repo = NULL; | ||
293 | cgit_print_http_headers(ctx); | 292 | cgit_print_http_headers(ctx); |
294 | cgit_print_docstart(ctx); | 293 | cgit_print_docstart(ctx); |
295 | cgit_print_pageheader(ctx); | 294 | cgit_print_pageheader(ctx); |
296 | cgit_print_error("Invalid request"); | 295 | cgit_print_error("Invalid request"); |
297 | cgit_print_docend(); | 296 | cgit_print_docend(); |
298 | return; | 297 | return; |
299 | } | 298 | } |
300 | 299 | ||
301 | if (cmd->want_repo && !ctx->repo) { | 300 | if (cmd->want_repo && !ctx->repo) { |
302 | cgit_print_http_headers(ctx); | 301 | cgit_print_http_headers(ctx); |
303 | cgit_print_docstart(ctx); | 302 | cgit_print_docstart(ctx); |
304 | cgit_print_pageheader(ctx); | 303 | cgit_print_pageheader(ctx); |
diff --git a/ui-shared.c b/ui-shared.c index 224e5f3..76cd00d 100644 --- a/ui-shared.c +++ b/ui-shared.c | |||
@@ -568,33 +568,38 @@ void add_hidden_formfields(int incl_head, int incl_search, char *page) | |||
568 | html_hidden("id", ctx.qry.sha1); | 568 | html_hidden("id", ctx.qry.sha1); |
569 | if (ctx.qry.sha2) | 569 | if (ctx.qry.sha2) |
570 | html_hidden("id2", ctx.qry.sha2); | 570 | html_hidden("id2", ctx.qry.sha2); |
571 | 571 | ||
572 | if (incl_search) { | 572 | if (incl_search) { |
573 | if (ctx.qry.grep) | 573 | if (ctx.qry.grep) |
574 | html_hidden("qt", ctx.qry.grep); | 574 | html_hidden("qt", ctx.qry.grep); |
575 | if (ctx.qry.search) | 575 | if (ctx.qry.search) |
576 | html_hidden("q", ctx.qry.search); | 576 | html_hidden("q", ctx.qry.search); |
577 | } | 577 | } |
578 | } | 578 | } |
579 | 579 | ||
580 | const char *fallback_cmd = "repolist"; | ||
581 | |||
580 | char *hc(struct cgit_cmd *cmd, const char *page) | 582 | char *hc(struct cgit_cmd *cmd, const char *page) |
581 | { | 583 | { |
582 | return (strcmp(cmd->name, page) ? NULL : "active"); | 584 | return (strcmp(cmd ? cmd->name : fallback_cmd, page) ? NULL : "active"); |
583 | } | 585 | } |
584 | 586 | ||
585 | void cgit_print_pageheader(struct cgit_context *ctx) | 587 | void cgit_print_pageheader(struct cgit_context *ctx) |
586 | { | 588 | { |
587 | struct cgit_cmd *cmd = cgit_get_cmd(ctx); | 589 | struct cgit_cmd *cmd = cgit_get_cmd(ctx); |
588 | 590 | ||
591 | if (!cmd && ctx->repo) | ||
592 | fallback_cmd = "summary"; | ||
593 | |||
589 | html("<table id='header'>\n"); | 594 | html("<table id='header'>\n"); |
590 | html("<tr>\n"); | 595 | html("<tr>\n"); |
591 | html("<td class='logo' rowspan='2'><a href='"); | 596 | html("<td class='logo' rowspan='2'><a href='"); |
592 | if (ctx->cfg.logo_link) | 597 | if (ctx->cfg.logo_link) |
593 | html_attr(ctx->cfg.logo_link); | 598 | html_attr(ctx->cfg.logo_link); |
594 | else | 599 | else |
595 | html_attr(cgit_rooturl()); | 600 | html_attr(cgit_rooturl()); |
596 | html("'><img src='"); | 601 | html("'><img src='"); |
597 | html_attr(ctx->cfg.logo); | 602 | html_attr(ctx->cfg.logo); |
598 | html("' alt='cgit logo'/></a></td>\n"); | 603 | html("' alt='cgit logo'/></a></td>\n"); |
599 | 604 | ||
600 | html("<td class='main'>"); | 605 | html("<td class='main'>"); |