X-Git-Url: https://git.verplant.org/?a=blobdiff_plain;f=daemon.c;h=91b96569cd75c77cd4ee169c55be045daccf3908;hb=562051809589574576971c53c23aad93f8c395d9;hp=ac4c94bc709350471d66180d427a7e5df91c6235;hpb=4dbd13527933261076bbed1a5a2daa60a752d096;p=git.git diff --git a/daemon.c b/daemon.c index ac4c94bc..91b96569 100644 --- a/daemon.c +++ b/daemon.c @@ -92,25 +92,21 @@ static char *path_ok(char *dir) } if ( ok_paths && *ok_paths ) { - char **pp = NULL; - int dirlen = strlen(dir); + char **pp; int pathlen = strlen(path); + /* The validation is done on the paths after enter_repo + * canonicalization, so whitelist should be written in + * terms of real pathnames (i.e. after ~user is expanded + * and symlinks resolved). + */ for ( pp = ok_paths ; *pp ; pp++ ) { int len = strlen(*pp); - /* because of symlinks we must match both what the - * user passed and the canonicalized path, otherwise - * the user can send a string matching either a whitelist - * entry or an actual directory exactly and still not - * get through */ - if (len <= pathlen && !memcmp(*pp, path, len)) { - if (path[len] == '\0' || (!strict_paths && path[len] == '/')) - return path; - } - if (len <= dirlen && !memcmp(*pp, dir, len)) { - if (dir[len] == '\0' || (!strict_paths && dir[len] == '/')) - return path; - } + if (len <= pathlen && + !memcmp(*pp, path, len) && + (path[len] == '\0' || + (!strict_paths && path[len] == '/'))) + return path; } } else { @@ -160,7 +156,7 @@ static int upload(char *dir) snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout); /* git-upload-pack only ever reads stuff, so this is safe */ - execlp("git-upload-pack", "git-upload-pack", "--strict", timeout_buf, path, NULL); + execlp("git-upload-pack", "git-upload-pack", "--strict", timeout_buf, ".", NULL); return -1; } @@ -470,8 +466,14 @@ static int socksetup(int port, int **socklist_p) return 0; } + if (listen(sockfd, 5) < 0) { + close(sockfd); + return 0; + } + *socklist_p = xmalloc(sizeof(int)); **socklist_p = sockfd; + return 1; } #endif