Printing deferred line changes for files containing long lines would
cause a segfault.
- limit LCS table size: 128x128.
- move LCS table to global context: avoid allocating/freeing memory
for every deferred line change.
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
The value stored to "t" during its initialization gets overwritten in
any case, so just leave it uninitialized. Spotted by clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This fixes a segfault for me with with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5
I can reliably reproduce it with the following parameters
when pointed to the git.git repository:
PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Some tests would otherwise fail because commands such as
cd trash/repos/foo && git rev-list --reverse HEAD | head -1
would return 2 lines instead of 1: the 'cd' command also
prints the path when CDPATH is set.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
The current 'Not a git repository' error message is not very helpful,
since it doesn't state the cause of the problem.
This patch uses errno to provide a hint of the underlying problem. It
would have been even better to give the exact cause (e.g. for ENOENT it
would be nice to know which file/directory is missing), but that would
require reimplementing setup_git_directory_gently() which seems a bit
overkill.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
relative urls would be incorrect
* using unescaped paths allows XSS
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
No references are kept to the memory pointed to by the 'rel' variable, so
it should be free()'d before returning from add_repo().
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
Signed-off-by: Lars Hjemli <larsh@hjemli.net>
The link url wasn't properly escaped, and since the link was identical
to the one used on the commit message it didn't serve any special purpose.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Ampersands ("&") appearing inside HTML attributes need to be translated
to "&". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set
from script-name using trim_end(). However, if script-name was the
empty string (""), which happens when cgit is used to serve the root
path on a domain (/), trim_end() returns NULL and cgit acts like
virtual-root is not available. Now, set virtual-root to "" in this
case, which fixes this bug.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When git/date.c:parse_date() cannot parse its input it returns -1. But
read_agefile() checks if the result is different from zero, essentialy
returning random data from the date buffer when parsing fails. This
patch fixes the issue by verifying that the result from parse_date()
is positive.
Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When calling cgit_print_diff() with a bad new_rev and a NULL old_rev,
checking for new_rev's parent commit will result in a null pointer
dereference. Returning on an invalid commit before dereferencing fixes
this. Spotted with clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with
clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
These tests tries to detect bad links in various pages. On the log page,
there currently exists links which are not properly escaped due to the
use of cgit_fileurl() when building the link. For now, this bug is simply
tagged as such.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
reencode() takes three arguments in the order (txt, from, to), opposed to
reencode_string, which will, like iconv, handle the arguments with from
and to swapped. Fix that (this makes reencode more intuitive).
If src and dst encoding are equivalent, don't do any encoding.
If no special encoding parameter is found within the commit, assume
UTF-8 and explicitly convert to PAGE_ENCODING. The change to reencode()
mentioned above avoids re-encoding a UTF-8 string to UTF-8, for example.
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When tar.xz support was added in 0642435fed (2009-12-08: Add
.tar.xz-snapshot support), cgitrc.5 was not updated to match. This
patch fixes the issue.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This patch makes cgit properly abort in case the projectsfile cannot
be opened. Without the added return cgit continues using the projects
pointer which is NULL and thus causes a segfault.
When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.
Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When setting virtual-root from cgitrc, care is taken to avoid trailing
slashes. But when no virtual-root setting is specified, SCRIPT_FILE
from the web server is used without similar checks. This patch fixes the
inconsistency, which could lead to double-slashes in generated links.
Noticed-by: Wouter Van Hemel <wouter@duodecim.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When a query ends in say %gg, (or any invalid hex) e.g.,
http://git.gnome.org/browse/gdlmm/commit/?id=%gg
convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns
txt-1, so the loop in http_parse_querystring never terminates. The
solution is to make the memmove also copy the trailing NUL.
* html.c (convert_query_hexchar): Fix off-by-one error.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Emit anchors to the respective revisions in side-by-side diff view
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Allow for per repo logo and logo-link; Use global logo and logo-link per
default.
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
warning: format ‘%ld’ expects type ‘long int’, but argument 2 has type
‘size_t’
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Paths that start with a period ('.') are considered hidden in the Unix world.
scan_path() should arguably not recurse into these directories by default.
This patch makes it so, and introduces the "scan-hidden-path" config variable
for overriding the new default and revert to the old behaviour (scanning _all_
directories, including hidden .directories).
Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <larsh@prediktor.no>
OpenBSD tar(1) defaults to read from "/dev/rst0" when not specifying an
filename and thus fails to extract the Git sourcecode when not passing
stdin as input file descriptor explicitly.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* jh/graph:
ui-log: Move 'Age' column when commit graph is present
ui-log: Line-wrap long commit subjects when showmsg is enabled
ui-log: Colorize commit graph
ui-log: Implement support for commit graphs
ui-log: Change display of full commit messages (and notes)
Conflicts:
cgit.css
Jamie Couture
Lukas Fleischer
Lars Hjemli
Eric Wong
Ferry Huberts
Mark Lodato
Jonathon Mah
Julius Plenz
Stefan Gehn
Lukasz Janyst
Jim Meyering
Bernhard Reutner-Fischer
Johan Herland
Lukas Fleischer