John Keeping [Sat, 16 Jan 2016 11:03:07 +0000 (11:03 +0000)]
cache: don't check for match with no key
We call open_slot() from cache_ls() without a key since we simply want
to read the path out of the header. Should the file happen to contain
an empty key then we end up calling memcmp() with NULL and a non-zero
length. Fix this by assigning slot->match only if a key is set, which
is always will be in the code paths where we use slot->match.
Coverity-id: 13807 Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 16 Jan 2016 11:03:05 +0000 (11:03 +0000)]
ui-log: handle parse_commit() errors
If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.
There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.
Coverity-id: 13801 Signed-off-by: John Keeping <john@keeping.me.uk>
Peter Colberg [Tue, 8 Dec 2015 17:53:09 +0000 (12:53 -0500)]
ui-repolist: return HTTP 404 if no repositories found
Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.
Lukas Fleischer [Sun, 13 Dec 2015 00:27:13 +0000 (01:27 +0100)]
Fix segmentation fault in hc()
The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.
Convert all instances of get_object_hash to use an appropriate
reference to the hash member of the oid member of struct object.
This provides no functional change, as it is essentially a macro
substitution.
filter: avoid integer overflow in authenticate_post
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.
Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Christian Hesse [Sun, 16 Aug 2015 12:53:53 +0000 (14:53 +0200)]
ui-summary: send images plain for about page
The about page used to display just fine, but images were broken: The
binary image data was embedded in html code.
Use cgit_print_plain() to send images in plain mode and make them
available on about page.
John Keeping [Fri, 14 Aug 2015 11:47:20 +0000 (12:47 +0100)]
tree: move layout into page function
This also allows us to return proper HTTP error codes when the requested
tree is not found and display an error message in one case (invalid path
inside valid commit) where we previously just displayed an empty page.
cgit_print_error_page() has the advantage that it sets a suitable HTTP
status code for the response. Note that setting "mimetype" is redundant
here since it cannot have changed since being initialized in
cgit.c::prepare_context(), so we do not need to worry that
cgit_print_error_page() does not set it.
John Keeping [Fri, 14 Aug 2015 11:47:08 +0000 (12:47 +0100)]
snapshot: use cgit_print_error_page() for HTTP status codes
This is a bugfix as well as an improvement to the HTTP status code
handling since previously we would not print HTTP headers on any of
these code paths.
John Keeping [Fri, 14 Aug 2015 11:47:06 +0000 (12:47 +0100)]
blob: use cgit_print_error_page() to add HTTP headers
This is a bugfix as well as an improvement to the HTTP status code
handling since previously we would not print HTTP headers on any of
these code paths.
John Keeping [Fri, 14 Aug 2015 11:47:02 +0000 (12:47 +0100)]
cgit: use cgit_print_error_page() where appropriate
These are more-or-less one-to-one translations but in the final hunk we
gain an HTTP error code where we used to send "200 OK", which is an
improvement.
Christian Hesse [Thu, 13 Aug 2015 22:02:50 +0000 (00:02 +0200)]
ui-patch: make sure to send http headers
Requesting a text/plain patch with bad commit id made cgit send text
without proper http headers. This results in "500 Internal Server Error"
with "Premature end of script headers" in server logs.
So print http headers before error message and return.
Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
John Keeping [Thu, 13 Aug 2015 11:24:34 +0000 (12:24 +0100)]
ui-shared: show full date in tooltip if longer ago than max_relative
Commit caed6cb (ui-shared: show absolute time in tooltip for relative
dates, 2014-12-20) added a toolip when we show a relative time.
However, in some cases we show a short date (that is, the date but not
the time) if an event was sufficiently far in the past and that commit
did not update that case to add the same tooltip.
John Keeping [Thu, 13 Aug 2015 11:14:19 +0000 (12:14 +0100)]
ui-tree: use "sane" isgraph()
Git's git-compat-util.h defines a "sane ctype" that does not use locale
information and works with signed chars, but it does not include
isgraph() so we have included ctype.h ourselves.
However, this means we have to include a system header before
git-compat-util.h which may lead to the system defining some macros
(e.g. _FILE_OFFSET_BITS on Solaris) before git-compat-util.h redefines
them with a different value. We cannot include ctype.h after
git-compat-util.h because we have defined many of its functions as
macros which causes a stream of compilation errors.
Defining our own "sane" isgraph() using Git's sane isprint() and
isspace() avoids all of these problems.
John Keeping [Thu, 13 Aug 2015 11:14:17 +0000 (12:14 +0100)]
cache.c: fix header order
git-compat-util.h may define values that affect how system headers are
interpreted, so move sys/sendfile.h after cgit.h (which includes
git-compat-util.h).
John Keeping [Thu, 13 Aug 2015 11:14:16 +0000 (12:14 +0100)]
configfile.c: don't include system headers directly
git-compat-util.h may define various values that affect the
interpretation of system headers. In most places we include cgit.h
first, which pulls in git-compat-util.h, but this file does not depend
on anything else in CGit, so use git-compat-util.h directly.
John Keeping [Thu, 13 Aug 2015 11:14:13 +0000 (12:14 +0100)]
tests: allow shell to be overridden
On some systems (e.g. Solaris), /bin/sh is not a POSIX shell. Git
already provides suitable overrides in its config.mak.uname file and we
provide cgit.conf to allow the user to further change this.
The code for this is taken from Git's t/Makefile, meaning that we now
invoke the tests in the same way that Git does.
John Keeping [Wed, 12 Aug 2015 14:55:28 +0000 (15:55 +0100)]
log: allow users to follow a file
Teach the "log" UI to behave in the same way as "git log --follow", when
given a suitable instruction by the user. The default behaviour remains
to show the log without following renames, but the follow behaviour can
be activated by following a link in the page header.
Follow is not the default because outputting merges in follow mode is
tricky ("git log --follow" will not show merges). We also disable the
graph in follow mode because the commit graph is not simplified so we
end up with frequent gaps in the graph and many lines that do not
connect with any commits we're actually showing.
We also teach the "diff" and "commit" UIs to respect the follow flag on
URLs, causing the single-file version of these UIs to detect renames.
This feature is needed only for commits that rename the path we're
interested in.
For commits before the file has been renamed (i.e. that appear later in
the log list) we change the file path in the links from the log to point
to the old name; this means that links to commits always limit by the
path known to that commit. If we didn't do this we would need to walk
down the log diff'ing every commit whenever we want to show a commit.
The drawback is that the "Log" link in the top bar of such a page links
to the log limited by the old name, so it will only show pre-rename
commits. I consider this a reasonable trade-off since the "Back" button
still works and the log matches the path displayed in the top bar.
Since following renames requires running diff on every commit we
consider, I've added a knob to the configuration file to globally
enable/disable this feature. Note that we may consider a large number
of commits the revision walking machinery no longer performs any path
limitation so we have to examine every commit until we find a page full
of commits that affect the target path or something related to it.