[prev in list] [next in list] [prev in thread] [next in thread]
List: cgit
Subject: [PATCH 1/3] ui-shared: don't print path crumbs without a repo
From: John Keeping <john () keeping ! me ! uk>
Date: 2017-02-19 12:44:59
Message-ID: 054e86cd7251e943dead07e8b068976bd93c1677.1487507852.git.john () keeping ! me ! uk
[Download RAW message or body]
cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo
is non-null. Currently we don't have any commands that set want_vpath
without also setting want_repo so it shouldn't be possible to fail this
test, but the check in cgit.c is in the wrong order so it is possible to
specify a query string like "?p=log&path=foo/bar" to end up here without
a valid repository.
This was found by American fuzzy lop [0].
[0] http://lcamtuf.coredump.cx/afl/
Signed-off-by: John Keeping <john@keeping.me.uk>
---
ui-shared.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui-shared.c b/ui-shared.c
index 2e4fcd9..e5c9a02 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -1039,7 +1039,7 @@ void cgit_print_pageheader(void)
free(currenturl);
}
html("</td></tr></table>\n");
- if (ctx.env.authenticated && ctx.qry.vpath) {
+ if (ctx.env.authenticated && ctx.repo && ctx.qry.vpath) {
html("<div class='path'>");
html("path: ");
cgit_print_path_crumbs(ctx.qry.vpath);
--
2.12.0.rc2.230.ga28edc07cd
_______________________________________________
CGit mailing list
CGit@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/cgit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic