From: Johannes Sixt <j.sixt@viscovery.net>
To: Git Mailing List <git@vger.kernel.org>
Cc: Junio C Hamano <gitster@pobox.com>
Subject: [PATCH 2/2] daemon: Verify base-path and interpolated-path early
Date: Mon, 25 Feb 2008 14:27:25 +0100 [thread overview]
Message-ID: <47C2C23D.1030609@viscovery.net> (raw)
Any request to the daemon would fail if either interpolated-path or
base-path (if specified) would not be absolute. Hence, we can check those
paths for validity upfront and not start the daemon at all if the paths are
invalid.
Additionally, we now check that the base-path is an existing directory.
Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
---
daemon.c | 24 +++++++++++++-----------
1 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/daemon.c b/daemon.c
index dd0177f..64c7fff 100644
--- a/daemon.c
+++ b/daemon.c
@@ -220,12 +220,6 @@ static char *path_ok(struct interp *itable)
}
}
else if (interpolated_path && saw_extended_args) {
- if (*dir != '/') {
- /* Allow only absolute */
- logerror("'%s': Non-absolute path denied (interpolated-path active)", dir);
- return NULL;
- }
-
interpolate(interp_path, PATH_MAX, interpolated_path,
interp_table, ARRAY_SIZE(interp_table));
loginfo("Interpolated dir '%s'", interp_path);
@@ -233,11 +227,6 @@ static char *path_ok(struct interp *itable)
dir = interp_path;
}
else if (base_path) {
- if (*dir != '/') {
- /* Allow only absolute */
- logerror("'%s': Non-absolute path denied (base-path active)", dir);
- return NULL;
- }
snprintf(rpath, PATH_MAX, "%s%s", base_path, dir);
dir = rpath;
}
@@ -1184,6 +1173,19 @@ int main(int argc, char **argv)
if (strict_paths && (!ok_paths || !*ok_paths))
die("option --strict-paths requires a whitelist");
+ if (base_path) {
+ struct stat st;
+
+ if (!is_absolute_path(base_path))
+ die("base-path must be absolute");
+ if (stat(base_path, &st) || !S_ISDIR(st.st_mode))
+ die("base-path '%s' does not exist or "
+ "is not a directory", base_path);
+ }
+
+ if (interpolated_path && !is_absolute_path(interpolated_path))
+ die("interpolated-path must be absolute");
+
if (inetd_mode) {
struct sockaddr_storage ss;
struct sockaddr *peer = (struct sockaddr *)&ss;
--
1.5.4.3.229.g5c72
next reply other threads:[~2008-02-25 13:28 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-25 13:27 Johannes Sixt [this message]
2008-02-25 19:39 ` [PATCH 2/2] daemon: Verify base-path and interpolated-path early Junio C Hamano
2008-02-26 12:00 ` Johannes Sixt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47C2C23D.1030609@viscovery.net \
--to=j.sixt@viscovery.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).