author | Lars Hjemli <hjemli@gmail.com> | 2009-08-17 07:05:13 (UTC) |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2009-08-17 07:26:17 (UTC) |
commit | 435a1da8d1c43bff2f2ccd5649ea8510eec0b2af (patch) (unidiff) | |
tree | c07a9d096c99a70e78b017b5edccb1eaaffd0795 /cgit.c | |
parent | 8a631b1173b1abecc5a737b0e21751ddbabf9df2 (diff) | |
download | cgit-435a1da8d1c43bff2f2ccd5649ea8510eec0b2af.zip cgit-435a1da8d1c43bff2f2ccd5649ea8510eec0b2af.tar.gz cgit-435a1da8d1c43bff2f2ccd5649ea8510eec0b2af.tar.bz2 |
cgit.c: do not segfault on unexpected query-string format
The querystring_cb() function will be invoked with a NULL value when
the querystring contains a name not followed by a '='. Such a value
used to cause a segfault, which this patch fixes.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r-- | cgit.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -71,128 +71,131 @@ void config_cb(const char *name, const char *value) | |||
71 | ctx.cfg.cache_static_ttl = atoi(value); | 71 | ctx.cfg.cache_static_ttl = atoi(value); |
72 | else if (!strcmp(name, "cache-dynamic-ttl")) | 72 | else if (!strcmp(name, "cache-dynamic-ttl")) |
73 | ctx.cfg.cache_dynamic_ttl = atoi(value); | 73 | ctx.cfg.cache_dynamic_ttl = atoi(value); |
74 | else if (!strcmp(name, "max-message-length")) | 74 | else if (!strcmp(name, "max-message-length")) |
75 | ctx.cfg.max_msg_len = atoi(value); | 75 | ctx.cfg.max_msg_len = atoi(value); |
76 | else if (!strcmp(name, "max-repodesc-length")) | 76 | else if (!strcmp(name, "max-repodesc-length")) |
77 | ctx.cfg.max_repodesc_len = atoi(value); | 77 | ctx.cfg.max_repodesc_len = atoi(value); |
78 | else if (!strcmp(name, "max-repo-count")) | 78 | else if (!strcmp(name, "max-repo-count")) |
79 | ctx.cfg.max_repo_count = atoi(value); | 79 | ctx.cfg.max_repo_count = atoi(value); |
80 | else if (!strcmp(name, "max-commit-count")) | 80 | else if (!strcmp(name, "max-commit-count")) |
81 | ctx.cfg.max_commit_count = atoi(value); | 81 | ctx.cfg.max_commit_count = atoi(value); |
82 | else if (!strcmp(name, "summary-log")) | 82 | else if (!strcmp(name, "summary-log")) |
83 | ctx.cfg.summary_log = atoi(value); | 83 | ctx.cfg.summary_log = atoi(value); |
84 | else if (!strcmp(name, "summary-branches")) | 84 | else if (!strcmp(name, "summary-branches")) |
85 | ctx.cfg.summary_branches = atoi(value); | 85 | ctx.cfg.summary_branches = atoi(value); |
86 | else if (!strcmp(name, "summary-tags")) | 86 | else if (!strcmp(name, "summary-tags")) |
87 | ctx.cfg.summary_tags = atoi(value); | 87 | ctx.cfg.summary_tags = atoi(value); |
88 | else if (!strcmp(name, "agefile")) | 88 | else if (!strcmp(name, "agefile")) |
89 | ctx.cfg.agefile = xstrdup(value); | 89 | ctx.cfg.agefile = xstrdup(value); |
90 | else if (!strcmp(name, "renamelimit")) | 90 | else if (!strcmp(name, "renamelimit")) |
91 | ctx.cfg.renamelimit = atoi(value); | 91 | ctx.cfg.renamelimit = atoi(value); |
92 | else if (!strcmp(name, "robots")) | 92 | else if (!strcmp(name, "robots")) |
93 | ctx.cfg.robots = xstrdup(value); | 93 | ctx.cfg.robots = xstrdup(value); |
94 | else if (!strcmp(name, "clone-prefix")) | 94 | else if (!strcmp(name, "clone-prefix")) |
95 | ctx.cfg.clone_prefix = xstrdup(value); | 95 | ctx.cfg.clone_prefix = xstrdup(value); |
96 | else if (!strcmp(name, "local-time")) | 96 | else if (!strcmp(name, "local-time")) |
97 | ctx.cfg.local_time = atoi(value); | 97 | ctx.cfg.local_time = atoi(value); |
98 | else if (!strcmp(name, "repo.group")) | 98 | else if (!strcmp(name, "repo.group")) |
99 | ctx.cfg.repo_group = xstrdup(value); | 99 | ctx.cfg.repo_group = xstrdup(value); |
100 | else if (!strcmp(name, "repo.url")) | 100 | else if (!strcmp(name, "repo.url")) |
101 | ctx.repo = cgit_add_repo(value); | 101 | ctx.repo = cgit_add_repo(value); |
102 | else if (!strcmp(name, "repo.name")) | 102 | else if (!strcmp(name, "repo.name")) |
103 | ctx.repo->name = xstrdup(value); | 103 | ctx.repo->name = xstrdup(value); |
104 | else if (ctx.repo && !strcmp(name, "repo.path")) | 104 | else if (ctx.repo && !strcmp(name, "repo.path")) |
105 | ctx.repo->path = trim_end(value, '/'); | 105 | ctx.repo->path = trim_end(value, '/'); |
106 | else if (ctx.repo && !strcmp(name, "repo.clone-url")) | 106 | else if (ctx.repo && !strcmp(name, "repo.clone-url")) |
107 | ctx.repo->clone_url = xstrdup(value); | 107 | ctx.repo->clone_url = xstrdup(value); |
108 | else if (ctx.repo && !strcmp(name, "repo.desc")) | 108 | else if (ctx.repo && !strcmp(name, "repo.desc")) |
109 | ctx.repo->desc = xstrdup(value); | 109 | ctx.repo->desc = xstrdup(value); |
110 | else if (ctx.repo && !strcmp(name, "repo.owner")) | 110 | else if (ctx.repo && !strcmp(name, "repo.owner")) |
111 | ctx.repo->owner = xstrdup(value); | 111 | ctx.repo->owner = xstrdup(value); |
112 | else if (ctx.repo && !strcmp(name, "repo.defbranch")) | 112 | else if (ctx.repo && !strcmp(name, "repo.defbranch")) |
113 | ctx.repo->defbranch = xstrdup(value); | 113 | ctx.repo->defbranch = xstrdup(value); |
114 | else if (ctx.repo && !strcmp(name, "repo.snapshots")) | 114 | else if (ctx.repo && !strcmp(name, "repo.snapshots")) |
115 | ctx.repo->snapshots = ctx.cfg.snapshots & cgit_parse_snapshots_mask(value); /* XXX: &? */ | 115 | ctx.repo->snapshots = ctx.cfg.snapshots & cgit_parse_snapshots_mask(value); /* XXX: &? */ |
116 | else if (ctx.repo && !strcmp(name, "repo.enable-log-filecount")) | 116 | else if (ctx.repo && !strcmp(name, "repo.enable-log-filecount")) |
117 | ctx.repo->enable_log_filecount = ctx.cfg.enable_log_filecount * atoi(value); | 117 | ctx.repo->enable_log_filecount = ctx.cfg.enable_log_filecount * atoi(value); |
118 | else if (ctx.repo && !strcmp(name, "repo.enable-log-linecount")) | 118 | else if (ctx.repo && !strcmp(name, "repo.enable-log-linecount")) |
119 | ctx.repo->enable_log_linecount = ctx.cfg.enable_log_linecount * atoi(value); | 119 | ctx.repo->enable_log_linecount = ctx.cfg.enable_log_linecount * atoi(value); |
120 | else if (ctx.repo && !strcmp(name, "repo.max-stats")) | 120 | else if (ctx.repo && !strcmp(name, "repo.max-stats")) |
121 | ctx.repo->max_stats = cgit_find_stats_period(value, NULL); | 121 | ctx.repo->max_stats = cgit_find_stats_period(value, NULL); |
122 | else if (ctx.repo && !strcmp(name, "repo.module-link")) | 122 | else if (ctx.repo && !strcmp(name, "repo.module-link")) |
123 | ctx.repo->module_link= xstrdup(value); | 123 | ctx.repo->module_link= xstrdup(value); |
124 | else if (ctx.repo && !strcmp(name, "repo.readme") && value != NULL) { | 124 | else if (ctx.repo && !strcmp(name, "repo.readme") && value != NULL) { |
125 | if (*value == '/') | 125 | if (*value == '/') |
126 | ctx.repo->readme = xstrdup(value); | 126 | ctx.repo->readme = xstrdup(value); |
127 | else | 127 | else |
128 | ctx.repo->readme = xstrdup(fmt("%s/%s", ctx.repo->path, value)); | 128 | ctx.repo->readme = xstrdup(fmt("%s/%s", ctx.repo->path, value)); |
129 | } else if (!strcmp(name, "include")) | 129 | } else if (!strcmp(name, "include")) |
130 | parse_configfile(value, config_cb); | 130 | parse_configfile(value, config_cb); |
131 | } | 131 | } |
132 | 132 | ||
133 | static void querystring_cb(const char *name, const char *value) | 133 | static void querystring_cb(const char *name, const char *value) |
134 | { | 134 | { |
135 | if (!value) | ||
136 | value = ""; | ||
137 | |||
135 | if (!strcmp(name,"r")) { | 138 | if (!strcmp(name,"r")) { |
136 | ctx.qry.repo = xstrdup(value); | 139 | ctx.qry.repo = xstrdup(value); |
137 | ctx.repo = cgit_get_repoinfo(value); | 140 | ctx.repo = cgit_get_repoinfo(value); |
138 | } else if (!strcmp(name, "p")) { | 141 | } else if (!strcmp(name, "p")) { |
139 | ctx.qry.page = xstrdup(value); | 142 | ctx.qry.page = xstrdup(value); |
140 | } else if (!strcmp(name, "url")) { | 143 | } else if (!strcmp(name, "url")) { |
141 | ctx.qry.url = xstrdup(value); | 144 | ctx.qry.url = xstrdup(value); |
142 | cgit_parse_url(value); | 145 | cgit_parse_url(value); |
143 | } else if (!strcmp(name, "qt")) { | 146 | } else if (!strcmp(name, "qt")) { |
144 | ctx.qry.grep = xstrdup(value); | 147 | ctx.qry.grep = xstrdup(value); |
145 | } else if (!strcmp(name, "q")) { | 148 | } else if (!strcmp(name, "q")) { |
146 | ctx.qry.search = xstrdup(value); | 149 | ctx.qry.search = xstrdup(value); |
147 | } else if (!strcmp(name, "h")) { | 150 | } else if (!strcmp(name, "h")) { |
148 | ctx.qry.head = xstrdup(value); | 151 | ctx.qry.head = xstrdup(value); |
149 | ctx.qry.has_symref = 1; | 152 | ctx.qry.has_symref = 1; |
150 | } else if (!strcmp(name, "id")) { | 153 | } else if (!strcmp(name, "id")) { |
151 | ctx.qry.sha1 = xstrdup(value); | 154 | ctx.qry.sha1 = xstrdup(value); |
152 | ctx.qry.has_sha1 = 1; | 155 | ctx.qry.has_sha1 = 1; |
153 | } else if (!strcmp(name, "id2")) { | 156 | } else if (!strcmp(name, "id2")) { |
154 | ctx.qry.sha2 = xstrdup(value); | 157 | ctx.qry.sha2 = xstrdup(value); |
155 | ctx.qry.has_sha1 = 1; | 158 | ctx.qry.has_sha1 = 1; |
156 | } else if (!strcmp(name, "ofs")) { | 159 | } else if (!strcmp(name, "ofs")) { |
157 | ctx.qry.ofs = atoi(value); | 160 | ctx.qry.ofs = atoi(value); |
158 | } else if (!strcmp(name, "path")) { | 161 | } else if (!strcmp(name, "path")) { |
159 | ctx.qry.path = trim_end(value, '/'); | 162 | ctx.qry.path = trim_end(value, '/'); |
160 | } else if (!strcmp(name, "name")) { | 163 | } else if (!strcmp(name, "name")) { |
161 | ctx.qry.name = xstrdup(value); | 164 | ctx.qry.name = xstrdup(value); |
162 | } else if (!strcmp(name, "mimetype")) { | 165 | } else if (!strcmp(name, "mimetype")) { |
163 | ctx.qry.mimetype = xstrdup(value); | 166 | ctx.qry.mimetype = xstrdup(value); |
164 | } else if (!strcmp(name, "s")){ | 167 | } else if (!strcmp(name, "s")){ |
165 | ctx.qry.sort = xstrdup(value); | 168 | ctx.qry.sort = xstrdup(value); |
166 | } else if (!strcmp(name, "showmsg")) { | 169 | } else if (!strcmp(name, "showmsg")) { |
167 | ctx.qry.showmsg = atoi(value); | 170 | ctx.qry.showmsg = atoi(value); |
168 | } else if (!strcmp(name, "period")) { | 171 | } else if (!strcmp(name, "period")) { |
169 | ctx.qry.period = xstrdup(value); | 172 | ctx.qry.period = xstrdup(value); |
170 | } | 173 | } |
171 | } | 174 | } |
172 | 175 | ||
173 | static void prepare_context(struct cgit_context *ctx) | 176 | static void prepare_context(struct cgit_context *ctx) |
174 | { | 177 | { |
175 | memset(ctx, 0, sizeof(ctx)); | 178 | memset(ctx, 0, sizeof(ctx)); |
176 | ctx->cfg.agefile = "info/web/last-modified"; | 179 | ctx->cfg.agefile = "info/web/last-modified"; |
177 | ctx->cfg.nocache = 0; | 180 | ctx->cfg.nocache = 0; |
178 | ctx->cfg.cache_size = 0; | 181 | ctx->cfg.cache_size = 0; |
179 | ctx->cfg.cache_dynamic_ttl = 5; | 182 | ctx->cfg.cache_dynamic_ttl = 5; |
180 | ctx->cfg.cache_max_create_time = 5; | 183 | ctx->cfg.cache_max_create_time = 5; |
181 | ctx->cfg.cache_repo_ttl = 5; | 184 | ctx->cfg.cache_repo_ttl = 5; |
182 | ctx->cfg.cache_root = CGIT_CACHE_ROOT; | 185 | ctx->cfg.cache_root = CGIT_CACHE_ROOT; |
183 | ctx->cfg.cache_root_ttl = 5; | 186 | ctx->cfg.cache_root_ttl = 5; |
184 | ctx->cfg.cache_static_ttl = -1; | 187 | ctx->cfg.cache_static_ttl = -1; |
185 | ctx->cfg.css = "/cgit.css"; | 188 | ctx->cfg.css = "/cgit.css"; |
186 | ctx->cfg.logo = "/git-logo.png"; | 189 | ctx->cfg.logo = "/git-logo.png"; |
187 | ctx->cfg.local_time = 0; | 190 | ctx->cfg.local_time = 0; |
188 | ctx->cfg.max_repo_count = 50; | 191 | ctx->cfg.max_repo_count = 50; |
189 | ctx->cfg.max_commit_count = 50; | 192 | ctx->cfg.max_commit_count = 50; |
190 | ctx->cfg.max_lock_attempts = 5; | 193 | ctx->cfg.max_lock_attempts = 5; |
191 | ctx->cfg.max_msg_len = 80; | 194 | ctx->cfg.max_msg_len = 80; |
192 | ctx->cfg.max_repodesc_len = 80; | 195 | ctx->cfg.max_repodesc_len = 80; |
193 | ctx->cfg.max_stats = 0; | 196 | ctx->cfg.max_stats = 0; |
194 | ctx->cfg.module_link = "./?repo=%s&page=commit&id=%s"; | 197 | ctx->cfg.module_link = "./?repo=%s&page=commit&id=%s"; |
195 | ctx->cfg.renamelimit = -1; | 198 | ctx->cfg.renamelimit = -1; |
196 | ctx->cfg.robots = "index, nofollow"; | 199 | ctx->cfg.robots = "index, nofollow"; |
197 | ctx->cfg.root_title = "Git repository browser"; | 200 | ctx->cfg.root_title = "Git repository browser"; |
198 | ctx->cfg.root_desc = "a fast webinterface for the git dscm"; | 201 | ctx->cfg.root_desc = "a fast webinterface for the git dscm"; |