From c699866699411346c5dba406457581013f85a873 Mon Sep 17 00:00:00 2001 From: John Keeping Date: Sun, 19 Feb 2017 12:17:05 +0000 Subject: parsing: clear query path before starting By specifying the "url" query parameter multiple times it is possible to end up with ctx.qry.vpath set while ctx.repo is null, which triggers an invalid code path from cgit_print_pageheader() while printing path crumbs, resulting in a null dereference. The previous patch fixed this segfault, but it makes no sense for us to clear ctx.repo while leaving ctx.qry.path set to the previous value, so let's just clear it here so that the last "url" parameter given takes full effect rather than partially overriding the effect of the previous value. Signed-off-by: John Keeping --- parsing.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'parsing.c') diff --git a/parsing.c b/parsing.c index 9dacb16..b8d7f10 100644 --- a/parsing.c +++ b/parsing.c @@ -21,6 +21,7 @@ void cgit_parse_url(const char *url) struct cgit_repo *repo; ctx.repo = NULL; + ctx.qry.page = NULL; if (!url || url[0] == '\0') return; @@ -53,7 +54,6 @@ void cgit_parse_url(const char *url) } if (cmd[1]) ctx.qry.page = xstrdup(cmd + 1); - return; } } -- cgit v1.2.3-24-g4f1b From 9d751e7eec4f4bc7292be46f2af774fe1adf336a Mon Sep 17 00:00:00 2001 
From: John Keeping Date: Sat, 14 Oct 2017 13:02:53 +0100 Subject: parsing: don't clear existing state with empty input Since commit c699866 (parsing: clear query path before starting, 2017-02-19), we clear the "page" variable simply by calling cgit_parse_url() even if the URL is empty. This breaks a URL like: .../cgit?p=about which is generated when using the "root-readme" configuration option. This happens because "page" is set to "about" when parsing the query string before we handle the path (which is empty, but non-null). It turns out that this is not the only case which is broken, but specifying repository and page via query options has been broken since before the commit mentioned above, for example: .../cgit?r=git&p=log Fix both of these by allowing the previous state to persist if PATH_INFO is empty, falling back to the query parameters if no path has been requested. Reported-by: Tom Ryder Signed-off-by: John Keeping --- parsing.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'parsing.c') diff --git a/parsing.c b/parsing.c index b8d7f10..fd1ea99 100644 --- a/parsing.c +++ b/parsing.c @@ -20,11 +20,10 @@ void cgit_parse_url(const char *url) char *c, *cmd, *p; struct cgit_repo *repo; - ctx.repo = NULL; - ctx.qry.page = NULL; if (!url || url[0] == '\0') return; + ctx.qry.page = NULL; ctx.repo = cgit_get_repoinfo(url); if (ctx.repo) { ctx.qry.repo = ctx.repo->url; -- cgit v1.2.3-24-g4f1b
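Review bot: In the first hunk of c699866 (`@@ -21,6 +21,7`), `ctx.qry.page = NULL;` is placed above the `if (!url || url[0] == '\0') return;` check, so a call with an empty or null url also discards a page that was already set from the query string. Moving the reset below the early return would limit it to the case where a path is actually being parsed. The commit message also describes clearing `ctx.qry.path` (and mentions `ctx.qry.vpath`), while the added line resets `ctx.qry.page`; the message should name the field that is really cleared, or the hunk should clear the one the message describes.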
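Review bot: The `return;` removed in the second hunk of c699866 (`@@ -53,7 +54,6`) is not mentioned in the commit message and has nothing to do with the state reset, so it should either be noted in the message as a cleanup or go in its own commit. In the same context, `ctx.qry.page = xstrdup(cmd + 1);` overwrites the pointer without releasing the previous value; since the message says the "url" parameter can be given more than once, each repeat drops the earlier copy unless it is freed elsewhere.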
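Review bot: In the hunk of 9d751e7 (`@@ -20,11 +20,10`), the order of the early return and `ctx.qry.page = NULL;` is now what decides whether query-string state survives, and nothing in the code says so; a short comment above `if (!url || url[0] == '\0')` stating that empty input must leave `ctx.repo` and `ctx.qry.page` untouched would help, given that this ordering has already regressed once. The explicit `ctx.repo = NULL;` is also gone, so the non-empty path relies entirely on `cgit_get_repoinfo(url)` returning NULL for an unknown repository, which is worth stating in the message. The diffstat touches only parsing.c; the two URLs quoted in the message (`?p=about` and `?r=git&p=log`) would make good regression tests.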