access(): the pattern for refs is too strict for filenames

a filename also becomes a "ref" if you use VREF/NAME.

For some reason[1], it seems some people use crazy filenames like foo(0)
or bar%20baz, and these things blow up on that test.

--

[1] viz., the lack of someone with good taste, like me, leading their
project ;-)
commit 404dafd79b27b836d9101e912ce0786bec2f09ec 1 parent d8fe757
Sitaram Chamarty authored January 11, 2013
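--- a/src/lib/Gitolite/Conf/Load.pm
+++ b/src/lib/Gitolite/Conf/Load.pm
@@ -79,7 +79,11 @@ sub access {
     $deny_rules = option( $repo, 'deny-rules' );
 
     # sanity check the only piece the user can control
-    _die "invalid characters in ref or filename: '$ref'\n" unless $ref =~ $REF_OR_FILENAME_PATT;
+    _die "invalid characters in ref or filename: '$ref'\n" unless $ref =~ m(^VREF/NAME/) or $ref =~ $REF_OR_FILENAME_PATT;
+    # apparently we can't always force sanity; at least what we *return*
+    # should be sane/safe.  This pattern is based on REF_OR_FILENAME_PATT.
+    (my $safe_ref = $ref) =~ s([^-0-9a-zA-Z._\@/+ :,])(.)g;
+    trace( 2, "safe_ref $safe_ref created from $ref") if $ref ne $safe_ref;
 
     # when a real repo doesn't exist, ^C is a pre-requisite for any other
     # check to give valid results.
@@ -91,7 +95,7 @@ sub access {
     # similarly, ^C must be denied if the repo exists
     if ( $aa eq '^C' and not repo_missing($repo) ) {
         trace( 2, "DENIED by existence" );
-        return "$aa $ref $repo $user DENIED by existence";
+        return "$aa $safe_ref $repo $user DENIED by existence";
     }
 
     trace( 2, scalar(@rules) . " rules found" );
@@ -107,7 +111,7 @@ sub access {
         next unless $ref =~ /^$refex/ or $ref eq 'any';
 
         trace( 2, "DENIED by $refex" ) if $perm eq '-';
-        return "$aa $ref $repo $user DENIED by $refex" if $perm eq '-';
+        return "$aa $safe_ref $repo $user DENIED by $refex" if $perm eq '-';
 
         # $perm can be RW\+?(C|D|CD|DC)?M?.  $aa can be W, +, C or D, or
         # any of these followed by "M".
@@ -117,7 +121,7 @@ sub access {
         return $refex if ( $perm =~ /$aaq/ );
     }
     trace( 2, "DENIED by fallthru" );
-    return "$aa $ref $repo $user DENIED by fallthru";
+    return "$aa $safe_ref $repo $user DENIED by fallthru";
 }
 
 sub git_config {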
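Review bot: The unsanitised `$ref` is still interpolated into the trace message on the new line 86 (`trace( 2, "safe_ref $safe_ref created from $ref")`), and for `VREF/NAME/` refs — which the new condition on line 82 now exempts from `$REF_OR_FILENAME_PATT` entirely — that string can carry any byte, including newlines and terminal control sequences, so the log line is the one place where raw user-controlled input still escapes after the sanitisation step. I would log only the cleaned form, e.g. `trace( 2, "safe_ref $safe_ref created from a ref with unsafe characters" ) if $ref ne $safe_ref;`, or escape `$ref` before it reaches the log. The character class on line 85 is, as its comment says, a hand copy of `REF_OR_FILENAME_PATT` and will drift silently if that constant changes; a comment like `# keep this class in sync with REF_OR_FILENAME_PATT` or deriving both from one definition would make that visible. `sub access` begins before the first hunk, so any other uses of `$ref` between the hunks are not visible here.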
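--- a/t/invalid-refnames-filenames.t
+++ b/t/invalid-refnames-filenames.t
@@ -9,7 +9,7 @@ use Gitolite::Test;
 # invalid refnames
 # ----------------------------------------------------------------------
 
-try "plan 57";
+try "plan 56";
 try "DEF POK = !/DENIED/; !/failed to push/";
 
 confreset; confadd '
@@ -84,8 +84,7 @@ glt push u1 origin HEAD
 tc  aa=bb
 glt push u1 origin HEAD
         /To file:///aa/
-        /invalid characters in ref or filename: \\'VREF/NAME/aa=bb/
-        reject
+        POK; /HEAD -> master/
 
 # push to branch dd,ee ok
 git reset --hard HEAD^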