John Keeping [Mon, 8 Feb 2016 14:12:35 +0000 (14:12 +0000)]
ui-stats: cast pointer before checking for zero
We abuse the "void *util" field as a counter and recently started to
cast it to a uintptr_t to avoid risking nasal demons by performing
arithmetic on a void pointer.
However, compilers are also known to do "interesting" things if they
know that a pointer is or isn't NULL. Make this safer by checking if
the counter (after casting) is non-zero rather than checking if the
pointer is non-null.
John Keeping [Sat, 16 Jan 2016 11:03:07 +0000 (11:03 +0000)]
cache: don't check for match with no key
We call open_slot() from cache_ls() without a key since we simply want
to read the path out of the header. Should the file happen to contain
an empty key then we end up calling memcmp() with NULL and a non-zero
length. Fix this by assigning slot->match only if a key is set, which
is always will be in the code paths where we use slot->match.
Coverity-id: 13807 Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 16 Jan 2016 11:03:05 +0000 (11:03 +0000)]
ui-log: handle parse_commit() errors
If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.
There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.
Coverity-id: 13801 Signed-off-by: John Keeping <john@keeping.me.uk>
Peter Colberg [Tue, 8 Dec 2015 17:53:09 +0000 (12:53 -0500)]
ui-repolist: return HTTP 404 if no repositories found
Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.
Lukas Fleischer [Sun, 13 Dec 2015 00:27:13 +0000 (01:27 +0100)]
Fix segmentation fault in hc()
The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.
Convert all instances of get_object_hash to use an appropriate
reference to the hash member of the oid member of struct object.
This provides no functional change, as it is essentially a macro
substitution.
filter: avoid integer overflow in authenticate_post
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.
Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Christian Hesse [Sun, 16 Aug 2015 12:53:53 +0000 (14:53 +0200)]
ui-summary: send images plain for about page
The about page used to display just fine, but images were broken: The
binary image data was embedded in html code.
Use cgit_print_plain() to send images in plain mode and make them
available on about page.
John Keeping [Fri, 14 Aug 2015 11:47:20 +0000 (12:47 +0100)]
tree: move layout into page function
This also allows us to return proper HTTP error codes when the requested
tree is not found and display an error message in one case (invalid path
inside valid commit) where we previously just displayed an empty page.
cgit_print_error_page() has the advantage that it sets a suitable HTTP
status code for the response. Note that setting "mimetype" is redundant
here since it cannot have changed since being initialized in
cgit.c::prepare_context(), so we do not need to worry that
cgit_print_error_page() does not set it.
John Keeping [Fri, 14 Aug 2015 11:47:08 +0000 (12:47 +0100)]
snapshot: use cgit_print_error_page() for HTTP status codes
This is a bugfix as well as an improvement to the HTTP status code
handling since previously we would not print HTTP headers on any of
these code paths.
John Keeping [Fri, 14 Aug 2015 11:47:06 +0000 (12:47 +0100)]
blob: use cgit_print_error_page() to add HTTP headers
This is a bugfix as well as an improvement to the HTTP status code
handling since previously we would not print HTTP headers on any of
these code paths.
John Keeping [Fri, 14 Aug 2015 11:47:02 +0000 (12:47 +0100)]
cgit: use cgit_print_error_page() where appropriate
These are more-or-less one-to-one translations but in the final hunk we
gain an HTTP error code where we used to send "200 OK", which is an
improvement.
Christian Hesse [Thu, 13 Aug 2015 22:02:50 +0000 (00:02 +0200)]
ui-patch: make sure to send http headers
Requesting a text/plain patch with bad commit id made cgit send text
without proper http headers. This results in "500 Internal Server Error"
with "Premature end of script headers" in server logs.
So print http headers before error message and return.
Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
John Keeping [Thu, 13 Aug 2015 11:24:34 +0000 (12:24 +0100)]
ui-shared: show full date in tooltip if longer ago than max_relative
Commit caed6cb (ui-shared: show absolute time in tooltip for relative
dates, 2014-12-20) added a toolip when we show a relative time.
However, in some cases we show a short date (that is, the date but not
the time) if an event was sufficiently far in the past and that commit
did not update that case to add the same tooltip.
John Keeping [Thu, 13 Aug 2015 11:14:19 +0000 (12:14 +0100)]
ui-tree: use "sane" isgraph()
Git's git-compat-util.h defines a "sane ctype" that does not use locale
information and works with signed chars, but it does not include
isgraph() so we have included ctype.h ourselves.
However, this means we have to include a system header before
git-compat-util.h which may lead to the system defining some macros
(e.g. _FILE_OFFSET_BITS on Solaris) before git-compat-util.h redefines
them with a different value. We cannot include ctype.h after
git-compat-util.h because we have defined many of its functions as
macros which causes a stream of compilation errors.
Defining our own "sane" isgraph() using Git's sane isprint() and
isspace() avoids all of these problems.
John Keeping [Thu, 13 Aug 2015 11:14:17 +0000 (12:14 +0100)]
cache.c: fix header order
git-compat-util.h may define values that affect how system headers are
interpreted, so move sys/sendfile.h after cgit.h (which includes
git-compat-util.h).
John Keeping [Thu, 13 Aug 2015 11:14:16 +0000 (12:14 +0100)]
configfile.c: don't include system headers directly
git-compat-util.h may define various values that affect the
interpretation of system headers. In most places we include cgit.h
first, which pulls in git-compat-util.h, but this file does not depend
on anything else in CGit, so use git-compat-util.h directly.