| Commit message (Collapse) | Author | Age | Files | Lines |
|
Not sure if there's a better fix for this. defbranch is
NULL here on my setup when a crawler hit an invalid URL,
causing strcmp to segfault.
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
ctx.qry.head can be NULL in some cases due to bad requests
by weird bots. I managed to reproduce with:
PATH_INFO=/repo.git/shop.php QUERY_STRING=id=
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
Each individual string may be too long for its respective
dimension of the LCS table.
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|
|
This fixes a segfault for me with with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5
I can reliably reproduce it with the following parameters
when pointed to the git.git repository:
PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
When size is zero, subtracting one from it turns it into
ULONG_MAX which causes an out-of-bounds access on buf.
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
I run an instance of lighttpd for cgit behind nginx (nginx
doesn't execute CGI). So the port (SERVER_PORT=33333) that
lighttpd runs on sends to cgit is different from the standard
port 80 that public clients connect to (via nginx).
This was causing the Atom feed URL to show the private port
number that lighttpd was running on.
Since the HTTP/1.1 "Host" header includes the port number if
running on a non-standard port, it allows non-client-facing HTTP
servers to transparently generate public URLs that clients can
see.
So use the "Host" header if it is available and fall back to
SERVER_NAME/SERVER_PORT for some clients that don't set
HTTP_HOST.
Signed-off-by: Eric Wong <normalperson@yhbt.net>
|