From: "Shawn O. Pearce" <spearce@spearce.org>
To: Robin Rosenberg <robin.rosenberg@dewire.com>
Cc: git@vger.kernel.org
Subject: [PATCH] Permit a wider range of repository names in jgit daemon requests
Date: Sun, 4 Jan 2009 18:46:22 -0800 [thread overview]
Message-ID: <20090105024622.GC20973@spearce.org> (raw)
In-Reply-To: <200901040048.01520.robin.rosenberg@dewire.com>
The earlier restriction was too narrow for some applications, for
example repositories named "jgit.dev" and "jgit.test" are perfectly
valid Git repositories and should still be able to be served by
the daemon.
By blocking out only uses of ".." as a path component and Windows
UNC paths (by blocking "\") we can reasonably prevent the client
from escaping the base dirctories configured in the daemon.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
---
Robin Rosenberg <robin.rosenberg@dewire.com> wrote:
> tisdag 23 december 2008 01:27:23 skrev Shawn O. Pearce:
> > + private static final Pattern SAFE_REPOSITORY_NAME = Pattern
> > + .compile("^[A-Za-z][A-Za-z0-9/_ -]+(\\.git)?$");
>
> This restriction is too strict. Wouldn't any path not containing ".." be valid? In particular this did not work with my "EGIT.contrib" repo. I
> have a lot of repos with names llike "name.purpose". Just adding
> '.' to the character set isn't really enough.
Yup.
.../src/org/spearce/jgit/transport/Daemon.java | 42 +++++++++----------
1 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/org.spearce.jgit/src/org/spearce/jgit/transport/Daemon.java b/org.spearce.jgit/src/org/spearce/jgit/transport/Daemon.java
index 646c88d..d39fd04 100644
--- a/org.spearce.jgit/src/org/spearce/jgit/transport/Daemon.java
+++ b/org.spearce.jgit/src/org/spearce/jgit/transport/Daemon.java
@@ -51,7 +51,6 @@
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
-import java.util.regex.Pattern;
import org.spearce.jgit.lib.Repository;
@@ -62,9 +61,6 @@
private static final int BACKLOG = 5;
- private static final Pattern SAFE_REPOSITORY_NAME = Pattern
- .compile("^[A-Za-z][A-Za-z0-9/_ -]+(\\.git)?$");
-
private InetSocketAddress myAddress;
private final DaemonService[] services;
@@ -292,24 +288,26 @@ synchronized (exports) {
return db;
}
- if (SAFE_REPOSITORY_NAME.matcher(name).matches()) {
- final File[] search;
- synchronized (exportBase) {
- search = exportBase.toArray(new File[exportBase.size()]);
- }
- for (final File f : search) {
- db = openRepository(new File(f, name));
- if (db != null)
- return db;
-
- db = openRepository(new File(f, name + ".git"));
- if (db != null)
- return db;
-
- db = openRepository(new File(f, name + "/.git"));
- if (db != null)
- return db;
- }
+ if (name.startsWith("../") || name.contains("/../")
+ || name.contains("\\"))
+ return null;
+
+ final File[] search;
+ synchronized (exportBase) {
+ search = exportBase.toArray(new File[exportBase.size()]);
+ }
+ for (final File f : search) {
+ db = openRepository(new File(f, name));
+ if (db != null)
+ return db;
+
+ db = openRepository(new File(f, name + ".git"));
+ if (db != null)
+ return db;
+
+ db = openRepository(new File(f, name + "/.git"));
+ if (db != null)
+ return db;
}
return null;
}
--
1.6.1.94.g9388
--
Shawn.
next prev parent reply other threads:[~2009-01-05 2:47 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-23 0:27 [JGIT PATCH 00/13] Add receive-pack server side support Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 01/13] Fix invalid "double checked locking" in InflaterCache Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 02/13] Cleanup stupid release of the cached Inflater in IndexPack Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 03/13] Cache an Inflater inside a WindowCursor and reuse it as much as possible Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 04/13] Make RefDatabase thread-safe Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 05/13] Make PackFile thread-safe Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 06/13] Make Repository thread-safe Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 07/13] Don't open a PackFile multiple times on scanForPacks Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 08/13] Expose RepositoryConfig.getBoolean so applications can use it Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 09/13] Add AnyObjectId.copyTo(StringBuilder) Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 10/13] Add compare-and-swap semantics to RefUpdate Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 11/13] Allow null new ObjectId during RefUpdate.delete Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 12/13] Implement the git-receive-pack process in Java Shawn O. Pearce
2008-12-23 0:27 ` [JGIT PATCH 13/13] Add basic git daemon support to publish receive-pack Shawn O. Pearce
2009-01-03 23:48 ` Robin Rosenberg
2009-01-05 2:46 ` Shawn O. Pearce [this message]
2009-01-05 23:07 ` [PATCH] Permit a wider range of repository names in jgit daemon requests Robin Rosenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090105024622.GC20973@spearce.org \
--to=spearce@spearce.org \
--cc=git@vger.kernel.org \
--cc=robin.rosenberg@dewire.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).