Commit cc18a9041607ade66988adf85046170c984a5793
2020-02-13T23:40:43
catch invalid actions and git paths earlier in querystring parsing
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
diff --git a/gotweb/gotweb.c b/gotweb/gotweb.c
index e370e12..0235b8d 100644
--- a/gotweb/gotweb.c
+++ b/gotweb/gotweb.c
@@ -1539,6 +1539,12 @@ gw_load_got_path(struct gw_trans *gw_trans, struct gw_dir *gw_dir)
error = got_error_from_errno("strdup");
goto errored;
}
+
+ dt = opendir(dir_test);
+ if (dt == NULL) {
+ error = got_error(GOT_ERR_NOT_GIT_REPO);
+ goto errored;
+ }
done:
error = gw_get_repo_description(&gw_dir->description, gw_trans,
gw_dir->path);
@@ -1652,6 +1658,7 @@ gw_parse_querystring(struct gw_trans *gw_trans)
if (gw_trans->action == -1) {
gw_trans->action = GW_ERR;
gw_trans->error = got_error_from_errno("bad action");
+ return error;
}
if ((p = gw_trans->gw_req->fieldmap[KEY_COMMIT_ID])) {
@@ -1679,9 +1686,7 @@ gw_parse_querystring(struct gw_trans *gw_trans)
if (error)
return error;
- error = gw_load_got_path(gw_trans, gw_trans->gw_dir);
- if (error)
- return error;
+ gw_trans->error = gw_load_got_path(gw_trans, gw_trans->gw_dir);
} else
gw_trans->action = GW_INDEX;
@@ -1757,6 +1762,10 @@ gw_display_index(struct gw_trans *gw_trans)
const struct got_error *error;
enum kcgi_err kerr;
+ /* catch early querystring errors */
+ if (gw_trans->error)
+ gw_trans->action = GW_ERR;
+
error = gw_display_open(gw_trans, KHTTP_200, gw_trans->mime);
if (error)
return error;