git/daemon.c, branch v2.3.7Mirror of https://git.kernel.org/pub/scm/git/git.git/
https://git.shady.money/git/atom?h=v2.3.72015-03-14T05:56:01ZMerge branch 'rs/daemon-interpolate' into maint2015-03-14T05:56:01ZJunio C Hamanogitster@pobox.com2015-03-14T05:56:00Zurn:sha1:1469d9906833a8bd7d07a70ba8250c823716f20a
"git daemon" looked up the hostname even when "%CH" and "%IP"
interpolations are not requested, which was unnecessary.
* rs/daemon-interpolate:
daemon: use callback to build interpolated path
daemon: look up client-supplied hostname lazily
Merge branch 'jk/daemon-interpolate' into maint2015-03-14T05:55:59ZJunio C Hamanogitster@pobox.com2015-03-14T05:55:59Zurn:sha1:c722ba4814f34d02faed305e4cc6498c783543a9
The "interpolated-path" option of "git daemon" inserted any string
client declared on the "host=" capability request without checking.
Sanitize and limit %H and %CH to a saner and a valid DNS name.
* jk/daemon-interpolate:
daemon: sanitize incoming virtual hostname
t5570: test git-daemon's --interpolated-path option
git_connect: let user override virtual-host we send to daemon
daemon: use callback to build interpolated path2015-02-17T21:40:49ZRené Scharfel.s.r@web.de2015-02-15T18:33:52Zurn:sha1:dc8edc8f7d503b96dc4ceb275f7f6ca7637be5a9
Provide a callback function for strbuf_expand() instead of using the
helper strbuf_expand_dict_cb(). While the resulting code is longer, it
only looks up the canonical hostname and IP address if at least one of
the placeholders %CH and %IP are used with --interpolated-path.
Use a struct for passing the directory to the callback function instead
of passing it directly to avoid having to cast away its const qualifier.
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
daemon: look up client-supplied hostname lazily2015-02-17T21:40:36ZRené Scharfel.s.r@web.de2015-02-15T18:31:41Zurn:sha1:edef953e482ce212b7d68bbe0f59e34b5552db3e
Look up canonical hostname and IP address using getaddrinfo(3) or
gethostbyname(3) only if --interpolated-path or --access-hook were
specified.
Do that by introducing getter functions for canon_hostname and
ip_address and using them for all read accesses. These wrappers call
the new helper lookup_hostname(), which sets the variables only at its
first call.
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
daemon: sanitize incoming virtual hostname2015-02-17T21:15:30ZJeff Kingpeff@peff.net2015-02-17T19:09:24Zurn:sha1:b48537305229d1a4f25633f71941ee52d2582017
We use the daemon_avoid_alias function to make sure that the
pathname the user gives us is sane. However, after applying
that check, we might then interpolate the path using a
string given by the server admin, but which may contain more
untrusted data from the client. We should be sure to
sanitize this data, as well.
We cannot use daemon_avoid_alias here, as it is more strict
than we need in requiring a leading '/'. At the same time,
we can be much more strict here. We are interpreting a
hostname, which should not contain slashes or excessive runs
of dots, as those things are not allowed in DNS names.
Note that in addition to cleansing the hostname field, we
must check the "canonical hostname" (%CH) as well as the
port (%P), which we take as a raw string. For the canonical
hostname, this comes from an actual DNS lookup on the
accessed IP, which makes it a much less likely vector for
problems. But it does not hurt to sanitize it in the same
way. Unfortunately we cannot test this case easily, as it
would involve a custom hostname lookup.
We do not need to check %IP, as it comes straight from
inet_ntop, so must have a sane form.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'rs/daemon-fixes' into maint2014-10-29T17:35:09ZJunio C Hamanogitster@pobox.com2014-10-29T17:35:09Zurn:sha1:a8f01f87d03bef31d3b7f43c4c46398ec76a8e91
* rs/daemon-fixes:
daemon: remove write-only variable maxfd
daemon: fix error message after bind()
daemon: handle gethostbyname() error
Merge branch 'rs/daemon-fixes'2014-10-14T17:49:23ZJunio C Hamanogitster@pobox.com2014-10-14T17:49:22Zurn:sha1:dc11fc2de8d92b9e7935ad070941e86f4e33000b
"git daemon" (with NO_IPV6 build configuration) used to incorrectly
use the hostname even when gethostbyname() reported that the given
hostname is not found.
* rs/daemon-fixes:
daemon: remove write-only variable maxfd
daemon: fix error message after bind()
daemon: handle gethostbyname() error
daemon: remove write-only variable maxfd2014-10-01T20:34:56ZRené Scharfel.s.r@web.de2014-10-01T10:21:57Zurn:sha1:107efbeb2409ac3fb01560a42067c8cc506aa249
It became unused when 6573faff (NO_IPV6 support for git daemon) replaced
select() with poll().
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
daemon: fix error message after bind()2014-10-01T20:34:54ZRené Scharfel.s.r@web.de2014-10-01T10:18:15Zurn:sha1:9d1b9aa9e10da398f430bc619b361d83bee6df7d
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
daemon: handle gethostbyname() error2014-10-01T20:34:53ZRené Scharfel.s.r@web.de2014-10-01T10:16:17Zurn:sha1:eb6c403500dd0b0d78b7b00d7ed0bf6b5daccc4e
If the user-supplied hostname can't be found then we should not use it.
We already avoid doing that in the non-NO_IPV6 case by checking if the
return value of getaddrinfo() is zero (success). Do the same in the
NO_IPV6 case and make sure the return value of gethostbyname() isn't
NULL before dereferencing this pointer.
Signed-off-by: Rene Scharfe <l.s.r@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>