ui-shared: restrict to 15 levels
index 3a037ad9a7a9d1f49fe6a4e5b0c8a446f31ce837..5dccb639761a57f8e3176c52029ab5a5e57194dc 100644 (file)
 /* ui-clone.c: functions for http cloning, based on
  * git's http-backend.c by Shawn O. Pearce
  *
- * Copyright (C) 2008 Lars Hjemli
+ * Copyright (C) 2006-2014 cgit Development Team <cgit@lists.zx2c4.com>
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
  */
 
 #include "cgit.h"
+#include "ui-clone.h"
 #include "html.h"
 #include "ui-shared.h"
+#include "packfile.h"
+#include "object-store.h"
 
-static int print_ref_info(const char *refname, const unsigned char *sha1,
+static int print_ref_info(const char *refname, const struct object_id *oid,
                           int flags, void *cb_data)
 {
        struct object *obj;
 
-       if (!(obj = parse_object(sha1)))
+       if (!(obj = parse_object(the_repository, oid)))
                return 0;
 
-       if (!strcmp(refname, "HEAD") || !prefixcmp(refname, "refs/heads/"))
-               htmlf("%s\t%s\n", sha1_to_hex(sha1), refname);
-       else if (!prefixcmp(refname, "refs/tags") && obj->type == OBJ_TAG) {
-               if (!(obj = deref_tag(obj, refname, 0)))
+       htmlf("%s\t%s\n", oid_to_hex(oid), refname);
+       if (obj->type == OBJ_TAG) {
+               if (!(obj = deref_tag(the_repository, obj, refname, 0)))
                        return 0;
-               htmlf("%s\t%s\n", sha1_to_hex(sha1), refname);
-               htmlf("%s\t%s^{}\n", sha1_to_hex(obj->sha1), refname);
+               htmlf("%s\t%s^{}\n", oid_to_hex(&obj->oid), refname);
        }
        return 0;
 }
 
-static void print_pack_info(struct cgit_context *ctx)
+static void print_pack_info(void)
 {
        struct packed_git *pack;
-       int ofs;
-
-       ctx->page.mimetype = "text/plain";
-       ctx->page.filename = "objects/info/packs";
-       cgit_print_http_headers(ctx);
-       ofs = strlen(ctx->repo->path) + strlen("/objects/pack/");
-       prepare_packed_git();
-       for (pack = packed_git; pack; pack = pack->next)
-               if (pack->pack_local)
-                       htmlf("P %s\n", pack->pack_name + ofs);
+       char *offset;
+
+       ctx.page.mimetype = "text/plain";
+       ctx.page.filename = "objects/info/packs";
+       cgit_print_http_headers();
+       reprepare_packed_git(the_repository);
+       for (pack = get_packed_git(the_repository); pack; pack = pack->next) {
+               if (pack->pack_local) {
+                       offset = strrchr(pack->pack_name, '/');
+                       if (offset && offset[1] != '\0')
+                               ++offset;
+                       else
+                               offset = pack->pack_name;
+                       htmlf("P %s\n", offset);
+               }
+       }
 }
 
-static void send_file(struct cgit_context *ctx, char *path)
+static void send_file(const char *path)
 {
        struct stat st;
-       int err;
 
        if (stat(path, &st)) {
                switch (errno) {
                case ENOENT:
-                       err = 404;
+                       cgit_print_error_page(404, "Not found", "Not found");
                        break;
                case EACCES:
-                       err = 403;
+                       cgit_print_error_page(403, "Forbidden", "Forbidden");
                        break;
                default:
-                       err = 400;
+                       cgit_print_error_page(400, "Bad request", "Bad request");
                }
-               html_status(err, 0);
                return;
        }
-       ctx->page.mimetype = "application/octet-stream";
-       ctx->page.filename = path;
-       if (prefixcmp(ctx->repo->path, path))
-               ctx->page.filename += strlen(ctx->repo->path) + 1;
-       cgit_print_http_headers(ctx);
+       ctx.page.mimetype = "application/octet-stream";
+       ctx.page.filename = path;
+       skip_prefix(path, ctx.repo->path, &ctx.page.filename);
+       skip_prefix(ctx.page.filename, "/", &ctx.page.filename);
+       cgit_print_http_headers();
        html_include(path);
 }
 
-void cgit_clone_info(struct cgit_context *ctx)
+void cgit_clone_info(void)
 {
-       if (!ctx->qry.path || strcmp(ctx->qry.path, "refs"))
+       if (!ctx.qry.path || strcmp(ctx.qry.path, "refs")) {
+               cgit_print_error_page(400, "Bad request", "Bad request");
                return;
+       }
 
-       ctx->page.mimetype = "text/plain";
-       ctx->page.filename = "info/refs";
-       cgit_print_http_headers(ctx);
-       for_each_ref(print_ref_info, ctx);
+       ctx.page.mimetype = "text/plain";
+       ctx.page.filename = "info/refs";
+       cgit_print_http_headers();
+       for_each_ref(print_ref_info, NULL);
 }
 
-void cgit_clone_objects(struct cgit_context *ctx)
+void cgit_clone_objects(void)
 {
-       if (!ctx->qry.path) {
-               html_status(400, 0);
+       char *p;
+
+       if (!ctx.qry.path)
+               goto err;
+
+       if (!strcmp(ctx.qry.path, "info/packs")) {
+               print_pack_info();
                return;
        }
 
-       if (!strcmp(ctx->qry.path, "info/packs")) {
-               print_pack_info(ctx);
-               return;
+       /* Avoid directory traversal by forbidding "..", but also work around
+        * other funny business by just specifying a fairly strict format. For
+        * example, now we don't have to stress out about the Cygwin port.
+        */
+       for (p = ctx.qry.path; *p; ++p) {
+               if (*p == '.' && *(p + 1) == '.')
+                       goto err;
+               if (!isalnum(*p) && *p != '/' && *p != '.' && *p != '-')
+                       goto err;
        }
 
-       send_file(ctx, git_path("objects/%s", ctx->qry.path));
+       send_file(git_path("objects/%s", ctx.qry.path));
+       return;
+
+err:
+       cgit_print_error_page(400, "Bad request", "Bad request");
 }
 
-void cgit_clone_head(struct cgit_context *ctx)
+void cgit_clone_head(void)
 {
-       send_file(ctx, git_path("%s", "HEAD"));
+       send_file(git_path("%s", "HEAD"));
 }
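Review bot: `isalnum(*p)` in the whitelist loop of cgit_clone_objects is applied to a plain `char`; if that name resolves to the libc `isalnum`, a request byte with the high bit set is passed as a negative value, which is undefined behaviour for the ctype functions (CERT STR37-C). git's git-compat-util.h normally redefines `isalnum` as a `sane_ctype` macro that casts to `unsigned char`, so this is probably harmless in practice, but this loop is the only thing standing between the query string and the filesystem and should not depend on which definition wins. Write it as `if (!isalnum((unsigned char)*p) && *p != '/' && *p != '.' && *p != '-')` so the check is correct under either definition. send_file also relies entirely on this caller-side check for its `path` argument, which deserves a comment above it, e.g. `/* path must already be validated by the caller: it is stat()ed and streamed verbatim */`.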