summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <junkio@cox.net>2005-11-21 01:21:18 -0800
committerJunio C Hamano <junkio@cox.net>2005-11-21 13:47:00 -0800
commitce335fe04f32261e0204280281989ffbb5d990c6 (patch)
treeeeb50e70a0239e4ad908a6aeb99d060b61c9e0d2
parent4dbd13527933261076bbed1a5a2daa60a752d096 (diff)
downloadgit-ce335fe04f32261e0204280281989ffbb5d990c6.tar.gz
daemon: further tweaks.
- Do validation only on canonicalized paths - Run upload-pack with "." as repository argument Signed-off-by: Junio C Hamano <junkio@cox.net>
-rw-r--r--Documentation/git-daemon.txt4
-rw-r--r--daemon.c28
2 files changed, 14 insertions, 18 deletions
diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt
index 972e0e1571..2a8f371ec9 100644
--- a/Documentation/git-daemon.txt
+++ b/Documentation/git-daemon.txt
@@ -8,7 +8,7 @@ git-daemon - A really simple server for git repositories.
SYNOPSIS
--------
'git-daemon' [--verbose] [--syslog] [--inetd | --port=n] [--export-all]
- [--timeout=n] [--init-timeout=n] [directory...]
+ [--timeout=n] [--init-timeout=n] [--strict-paths] [directory...]
DESCRIPTION
-----------
@@ -29,7 +29,7 @@ This is ideally suited for read-only updates, ie pulling from git repositories.
OPTIONS
-------
-+--strict-paths::
+--strict-paths::
Match paths exactly (i.e. don't allow "/foo/repo" when the real path is
"/foo/repo.git" or "/foo/repo/.git") and don't do user-relative paths.
git-daemon will refuse to start when this option is enabled and no
diff --git a/daemon.c b/daemon.c
index ac4c94bc70..d788167ae0 100644
--- a/daemon.c
+++ b/daemon.c
@@ -92,25 +92,21 @@ static char *path_ok(char *dir)
}
if ( ok_paths && *ok_paths ) {
- char **pp = NULL;
- int dirlen = strlen(dir);
+ char **pp;
int pathlen = strlen(path);
+ /* The validation is done on the paths after enter_repo
+ * canonicalization, so whitelist should be written in
+ * terms of real pathnames (i.e. after ~user is expanded
+ * and symlinks resolved).
+ */
for ( pp = ok_paths ; *pp ; pp++ ) {
int len = strlen(*pp);
- /* because of symlinks we must match both what the
- * user passed and the canonicalized path, otherwise
- * the user can send a string matching either a whitelist
- * entry or an actual directory exactly and still not
- * get through */
- if (len <= pathlen && !memcmp(*pp, path, len)) {
- if (path[len] == '\0' || (!strict_paths && path[len] == '/'))
- return path;
- }
- if (len <= dirlen && !memcmp(*pp, dir, len)) {
- if (dir[len] == '\0' || (!strict_paths && dir[len] == '/'))
- return path;
- }
+ if (len <= pathlen &&
+ !memcmp(*pp, path, len) &&
+ (path[len] == '\0' ||
+ (!strict_paths && path[len] == '/')))
+ return path;
}
}
else {
@@ -160,7 +156,7 @@ static int upload(char *dir)
snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
/* git-upload-pack only ever reads stuff, so this is safe */
- execlp("git-upload-pack", "git-upload-pack", "--strict", timeout_buf, path, NULL);
+ execlp("git-upload-pack", "git-upload-pack", "--strict", timeout_buf, ".", NULL);
return -1;
}