Commit 1b33afc076fe3093ec111efe027938b1ba2c9489
2020-02-14T23:48:52
improve gw_blame querystring checking. remove XXX comments, since repo_file is now checked before dumping blob
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
diff --git a/gotweb/gotweb.c b/gotweb/gotweb.c
index 47073da..8bd2989 100644
--- a/gotweb/gotweb.c
+++ b/gotweb/gotweb.c
@@ -326,7 +326,7 @@ gw_blame(struct gw_trans *gw_trans)
const struct got_error *error = NULL;
struct gw_header *header = NULL;
char *age = NULL;
- enum kcgi_err kerr;
+ enum kcgi_err kerr = KCGI_OK;
if (pledge("stdio rpath wpath cpath proc exec sendfd unveil",
NULL) == -1)
@@ -339,10 +339,21 @@ gw_blame(struct gw_trans *gw_trans)
if (error)
goto done;
+ /* check querystring */
+ if (gw_trans->repo_file == NULL) {
+ error = got_error_msg(GOT_ERR_QUERYSTRING,
+ "file required in querystring");
+ goto done;
+ }
+ if (gw_trans->commit_id == NULL) {
+ error = got_error_msg(GOT_ERR_QUERYSTRING,
+ "commit required in querystring");
+ goto done;
+ }
+
error = gw_get_header(gw_trans, header, 1);
if (error)
goto done;
-
kerr = khtml_attr(gw_trans->gw_html_req, KELEM_DIV, KATTR_ID,
"blame_header_wrapper", KATTR__MAX);
if (kerr != KCGI_OK)
@@ -1777,7 +1788,6 @@ gw_display_open(struct gw_trans *gw_trans, enum khttp code, enum kmime mime)
if (kerr != KCGI_OK)
return gw_kcgi_error(kerr);
- /* XXX repo_file could be NULL if not present in querystring */
if (gw_trans->mime == KMIME_APP_OCTET_STREAM) {
kerr = khttp_head(gw_trans->gw_req,
kresps[KRESP_CONTENT_DISPOSITION],
@@ -3379,7 +3389,7 @@ gw_blame_cb(void *arg, int nlines, int lineno, struct got_object_id *id)
"blame_hash", KATTR__MAX);
if (kerr != KCGI_OK)
goto err;
- /* XXX repo_file could be NULL if not present in querystring */
+
if (asprintf(&href_diff,
"?path=%s&action=diff&commit=%s&file=%s&folder=%s",
a->gw_trans->repo_name, bline->id_str,
@@ -3468,7 +3478,6 @@ gw_output_file_blame(struct gw_trans *gw_trans)
int i, obj_type;
size_t filesize;
- /* XXX repo_file could be NULL if not present in querystring */
if (asprintf(&path, "%s%s%s",
gw_trans->repo_folder ? gw_trans->repo_folder : "",
gw_trans->repo_folder ? "/" : "",
@@ -3541,20 +3550,22 @@ gw_output_file_blame(struct gw_trans *gw_trans)
error = got_blame(in_repo_path, commit_id, gw_trans->repo, gw_blame_cb,
&bca, NULL, NULL);
done:
- free(bca.line_offsets);
free(in_repo_path);
free(commit_id);
free(obj_id);
free(path);
- for (i = 0; i < bca.nlines; i++) {
- struct blame_line *bline = &bca.lines[i];
- free(bline->id_str);
- free(bline->committer);
+ if (blob) {
+ free(bca.line_offsets);
+ for (i = 0; i < bca.nlines; i++) {
+ struct blame_line *bline = &bca.lines[i];
+ free(bline->id_str);
+ free(bline->committer);
+ }
+ free(bca.lines);
+ if (bca.f && fclose(bca.f) == EOF && error == NULL)
+ error = got_error_from_errno("fclose");
}
- free(bca.lines);
- if (bca.f && fclose(bca.f) == EOF && error == NULL)
- error = got_error_from_errno("fclose");
if (blob)
got_object_blob_close(blob);
return error;