Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.4.7 2015-05-05T18:03:24Z 2015-05-05T18:03:24Z Junio C Hamano gitster@pobox.com 2015-05-05T18:03:24Z urn:sha1:d358f771e3a0e78ea8ebed7edf48a12a7620c813 When 01cec54e (daemon: deglobalize hostname information, 2015-03-07) wrapped the global variables such as hostname inside a struct, it forgot to convert one location that spelled "hostname" that needs to be updated to "hi->hostname". This was inside NO_IPV6 block, and was not caught by anybody. Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-03-10T01:18:07Z René Scharfe l.s.r@web.de 2015-03-07T10:50:37Z urn:sha1:01cec54e135c6c70bf6e1e197590749076e7cdfd Move the variables related to the client-supplied hostname into its own struct, let execute() own an instance of that instead of storing the information in global variables and pass the struct to any function that needs to access it as a parameter. The lifetime of the variables is easier to see this way. Allocated memory is released within execute(). The strbufs don't have to be reset anymore because they are written to only once at most: parse_host_arg() is only called once by execute() and lookup_hostname() guards against being called twice using hostname_lookup_done. Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-03-10T01:17:18Z René Scharfe l.s.r@web.de 2015-03-07T10:50:29Z urn:sha1:7a646cec5bbcebad31a6e99f0279782b322ecd36 Convert hostname, canon_hostname, ip_address and tcp_port to strbuf. This allows to get rid of the helpers strbuf_addstr_or_null() and STRARG because a strbuf always represents a valid (initially empty) string. sanitize_client() is not needed anymore and sanitize_client_strbuf() takes its place and name. Helped-by: Jeff King <peff@peff.net> Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-03-03T22:37:06Z Junio C Hamano gitster@pobox.com 2015-03-03T22:37:05Z urn:sha1:4c3dbbf7225c45ab0e04953090d0ece4a15e83a2 The "interpolated-path" option of "git daemon" inserted any string client declared on the "host=" capability request without checking. Sanitize and limit %H and %CH to a saner and a valid DNS name. * jk/daemon-interpolate: daemon: sanitize incoming virtual hostname t5570: test git-daemon's --interpolated-path option git_connect: let user override virtual-host we send to daemon 2015-03-03T22:37:04Z Junio C Hamano gitster@pobox.com 2015-03-03T22:37:04Z urn:sha1:ef4cdb8bb7c56a431f2f553ed39b896f32488a18 "git daemon" looked up the hostname even when "%CH" and "%IP" interpolations are not requested, which was unnecessary. * rs/daemon-interpolate: daemon: use callback to build interpolated path daemon: look up client-supplied hostname lazily 2015-02-17T21:40:49Z René Scharfe l.s.r@web.de 2015-02-15T18:33:52Z urn:sha1:dc8edc8f7d503b96dc4ceb275f7f6ca7637be5a9 Provide a callback function for strbuf_expand() instead of using the helper strbuf_expand_dict_cb(). While the resulting code is longer, it only looks up the canonical hostname and IP address if at least one of the placeholders %CH and %IP are used with --interpolated-path. Use a struct for passing the directory to the callback function instead of passing it directly to avoid having to cast away its const qualifier. Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-02-17T21:40:36Z René Scharfe l.s.r@web.de 2015-02-15T18:31:41Z urn:sha1:edef953e482ce212b7d68bbe0f59e34b5552db3e Look up canonical hostname and IP address using getaddrinfo(3) or gethostbyname(3) only if --interpolated-path or --access-hook were specified. Do that by introducing getter functions for canon_hostname and ip_address and using them for all read accesses. These wrappers call the new helper lookup_hostname(), which sets the variables only at its first call. Signed-off-by: Rene Scharfe <l.s.r@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-02-17T21:15:30Z Jeff King peff@peff.net 2015-02-17T19:09:24Z urn:sha1:b48537305229d1a4f25633f71941ee52d2582017 We use the daemon_avoid_alias function to make sure that the pathname the user gives us is sane. However, after applying that check, we might then interpolate the path using a string given by the server admin, but which may contain more untrusted data from the client. We should be sure to sanitize this data, as well. We cannot use daemon_avoid_alias here, as it is more strict than we need in requiring a leading '/'. At the same time, we can be much more strict here. We are interpreting a hostname, which should not contain slashes or excessive runs of dots, as those things are not allowed in DNS names. Note that in addition to cleansing the hostname field, we must check the "canonical hostname" (%CH) as well as the port (%P), which we take as a raw string. For the canonical hostname, this comes from an actual DNS lookup on the accessed IP, which makes it a much less likely vector for problems. But it does not hurt to sanitize it in the same way. Unfortunately we cannot test this case easily, as it would involve a custom hostname lookup. We do not need to check %IP, as it comes straight from inet_ntop, so must have a sane form. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2014-10-29T17:35:09Z Junio C Hamano gitster@pobox.com 2014-10-29T17:35:09Z urn:sha1:a8f01f87d03bef31d3b7f43c4c46398ec76a8e91 * rs/daemon-fixes: daemon: remove write-only variable maxfd daemon: fix error message after bind() daemon: handle gethostbyname() error 2014-10-14T17:49:23Z Junio C Hamano gitster@pobox.com 2014-10-14T17:49:22Z urn:sha1:dc11fc2de8d92b9e7935ad070941e86f4e33000b "git daemon" (with NO_IPV6 build configuration) used to incorrectly use the hostname even when gethostbyname() reported that the given hostname is not found. * rs/daemon-fixes: daemon: remove write-only variable maxfd daemon: fix error message after bind() daemon: handle gethostbyname() error