From 27c96a4044f05a338d6ac6187135e6b9ac487e9f Mon Sep 17 00:00:00 2001 From: Michael Muré Date: Sat, 4 Mar 2023 13:10:38 +0100 Subject: repo: improve support for gitdir indirection - add a limited reader to avoid abuse - support recusive indirection (up to depth 10) - check that the pointed to repo does exist --- repository/gogit.go | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'repository/gogit.go') diff --git a/repository/gogit.go b/repository/gogit.go index 01eace6de..96d626652 100644 --- a/repository/gogit.go +++ b/repository/gogit.go @@ -5,6 +5,7 @@ import ( "bytes" "errors" "fmt" + "io" "io/ioutil" "os" "path/filepath" @@ -56,7 +57,7 @@ type GoGitRepo struct { // of "~/myrepo" and a namespace of "git-bug", local storage for the // GoGitRepo will be configured at "~/myrepo/.git/git-bug". func OpenGoGitRepo(path, namespace string, clockLoaders []ClockLoader) (*GoGitRepo, error) { - path, err := detectGitPath(path) + path, err := detectGitPath(path, 0) if err != nil { return nil, err } @@ -160,7 +161,11 @@ func InitBareGoGitRepo(path, namespace string) (*GoGitRepo, error) { }, nil } -func detectGitPath(path string) (string, error) { +func detectGitPath(path string, depth int) (string, error) { + if depth >= 10 { + return "", fmt.Errorf("gitdir loop detected") + } + // normalize the path path, err := filepath.Abs(path) if err != nil { @@ -179,18 +184,22 @@ func detectGitPath(path string) (string, error) { } // We aren't going to defer the dotfile.Close, because we might keep looping, so we have to be sure to // clean up before returning an error - reader := bufio.NewReader(dotfile) + reader := bufio.NewReader(io.LimitReader(dotfile, 2048)) line, _, err := reader.ReadLine() _ = dotfile.Close() if err != nil { - return "", fmt.Errorf(".git exists but is not a direcctory and cannot be read: %w", err) + return "", fmt.Errorf(".git exists but is not a directory and cannot be read: %w", err) } dotContent := string(line) if strings.HasPrefix(dotContent, "gitdir:") { // This is a submodule parent path link. Strip the prefix, clean the string of whitespace just to // be safe, and return dotContent = strings.TrimSpace(strings.TrimPrefix(dotContent, "gitdir: ")) - return dotContent, nil + p, err := detectGitPath(dotContent, depth+1) + if err != nil { + return "", fmt.Errorf(".git gitdir error: %w", err) + } + return p, nil } return "", fmt.Errorf(".git exist but is not a directory or module/workspace file") } -- cgit v1.2.3