auth: don't allow trailing slash in reponames...

...like "git clone host:foo/", even if it matches "repo foo/.*"

NOTE: I expect a few more of these special cases to be found as time
goes on and people find new ways to abuse the regex system, whether it
is done intentionally or not.  Anything not fixable by changing the
config file will be fixed in the code asap.

This one, for instance, seems fixable by using "foo/.+" instead of
"foo/.*".  But it actually isn't; the user can do "git clone host:foo//"
and bypass that :(

Still I suspect most situations will get an entry in the "then don't do
that" file :)

----

    patient: "doc, it hurts when I do this"
    doc:     "then don't do that"
This commit is contained in:
Sitaram Chamarty 2009-12-11 21:37:33 +05:30
parent ff28acb059
commit a15e910cf8

@ -103,6 +103,7 @@ my ($verb, $repo) = ($cmd =~ /^\s*(git\s+\S+|\S+)\s+'\/?(.*?)(?:.git)?'/);
die "bad command: $cmd. Make sure the repo name is exactly as in your config\n" die "bad command: $cmd. Make sure the repo name is exactly as in your config\n"
unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS ) unless ( $verb and ( $verb =~ $R_COMMANDS or $verb =~ $W_COMMANDS )
and $repo and $repo =~ $REPONAME_PATT ); and $repo and $repo =~ $REPONAME_PATT );
die "$repo ends with a slash; I don't like that\n" if $repo =~ /\/$/;
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
# first level permissions check # first level permissions check