Commit 9b16bb7603e1fff6b2ca4ecea0907b824bd7f0f9
- Date: Tue Apr 15 20:50:00 +0000 2008
- Committer: Johan Sørensen (johan@johansorensen.com)
- Author: Johan Sørensen (johan@johansorensen.com)
- Commit SHA1: 9b16bb7603e1fff6b2ca4ecea0907b824bd7f0f9
- Tree SHA1: 6d3108af8762e55bc2ab3925f1646ad2c4f5bd6c
Further path sanity checking
Commit diff
| | |
| 53 | 53 | if line =~ service_regexp |
| 54 | 54 | code = $1 |
| 55 | 55 | service = $2 |
| 56 | | path = $3 |
| 56 | base_path = $3 |
| 57 | 57 | host = $4 |
| 58 | 58 | |
| 59 | | path = "#{BASE_PATH}/#{path}" |
| 60 | | if !File.directory?(path) |
| 61 | | log(Process.pid, "Invalid path: #{path}") |
| 59 | path = "#{BASE_PATH}/#{base_path}" |
| 60 | if !File.join(File.expand_path(path)).index(BASE_PATH) == 0 || !File.directory?(path) |
| 61 | log(Process.pid, "Invalid path: #{base_path}") |
| 62 | 62 | session.close |
| 63 | 63 | next |
| 64 | 64 | end |
| … | … | |
| 80 | 80 | end |
| 81 | 81 | pid = Process.pid |
| 82 | 82 | ip_family, port, name, ip = session.peeraddr |
| 83 | | log(pid, "Connection from #{ip}") |
| 83 | log(pid, "Connection from #{ip} for #{path.inspect}") |
| 84 | 84 | |
| 85 | 85 | $stdout.reopen(session) |
| 86 | 86 | $stdin.reopen(session) |
| toggle raw diff |
--- a/script/git-daemon
+++ b/script/git-daemon
@@ -53,12 +53,12 @@ class Daemon
if line =~ service_regexp
code = $1
service = $2
- path = $3
+ base_path = $3
host = $4
- path = "#{BASE_PATH}/#{path}"
- if !File.directory?(path)
- log(Process.pid, "Invalid path: #{path}")
+ path = "#{BASE_PATH}/#{base_path}"
+ if !File.join(File.expand_path(path)).index(BASE_PATH) == 0 || !File.directory?(path)
+ log(Process.pid, "Invalid path: #{base_path}")
session.close
next
end
@@ -80,7 +80,7 @@ class Daemon
end
pid = Process.pid
ip_family, port, name, ip = session.peeraddr
- log(pid, "Connection from #{ip}")
+ log(pid, "Connection from #{ip} for #{path.inspect}")
$stdout.reopen(session)
$stdin.reopen(session) |
