deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

review all user input, system(), and ``

Browse source
This commit is contained in:
Sitaram Chamarty 2012-03-21 09:34:39 +05:30
parent 98a6b08ff4
commit 5e2e13aac2
3 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/commands/desc
View file

@ -16,14 +16,18 @@ repo=$1; shift
# this shell script takes arguments that are completely under the user's # this shell script takes arguments that are completely under the user's
# control, so make sure you quote those suckers! # control, so make sure you quote those suckers!
gitolite creator "$repo" $GL_USER || die You are not authorised gitolite creator "$repo" $GL_USER || die You are not authorised
# if it passes, $repo is a valid repo name so it is known to contain only sane
# characters. This is because 'gitolite creator' return true only if there
# *is* a repo of that name and it has a gl-creator file that contains the same
# text as $GL_USER.
descfile=`gitolite query-rc GL_REPO_BASE`/"$repo".git/description descfile=`gitolite query-rc GL_REPO_BASE`/"$repo".git/description
if [ -z "$1" ] if [ -z "$1" ]
then then
[ -r $descfile ] && cat $descfile [ -r "$descfile" ] && cat "$descfile"
exit 0 exit 0
fi fi
echo "$*" > $descfile echo "$*" > "$descfile"

1
src/commands/perms
View file

@ -69,6 +69,7 @@ sub setperms {
my ( $op, $role, $user ) = @_; my ( $op, $role, $user ) = @_;
_die "Invalid syntax. Please re-run with '-h' for detailed usage" if $op ne '+' and $op ne '-'; _die "Invalid syntax. Please re-run with '-h' for detailed usage" if $op ne '+' and $op ne '-';
_die "Invalid role '$role'; check the rc file" if not $rc{ROLES}{$role}; _die "Invalid role '$role'; check the rc file" if not $rc{ROLES}{$role};
_die "Invalid user '$user'" if not $user =~ $USERNAME_PATT;
my $text = ''; my $text = '';
my @text = slurp($pf) if -f $pf; my @text = slurp($pf) if -f $pf;

3
src/commands/post-compile/ssh-authkeys
View file

@ -87,6 +87,7 @@ sub fp {
my $in = shift || ''; my $in = shift || '';
if ( $in =~ /\.pub$/ ) { if ( $in =~ /\.pub$/ ) {
# single pubkey file # single pubkey file
_die "bad pubkey file '$in'" unless $in =~ $REPONAME_PATT;
return fp_file($in); return fp_file($in);
} elsif ( -f $in ) { } elsif ( -f $in ) {
# an authkeys file # an authkeys file
@ -99,7 +100,7 @@ sub fp {
sub fp_file { sub fp_file {
my $f = shift; my $f = shift;
my $fp = `ssh-keygen -l -f $f`; my $fp = `ssh-keygen -l -f '$f'`;
chomp($fp); chomp($fp);
_die "fingerprinting failed for $f" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/; _die "fingerprinting failed for $f" unless $fp =~ /([0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+)/;
$fp = $1; $fp = $1;