packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2353 from cgwalters/uri-scheme-hardening 

pull: Cleanly error out on unknown schemes
This commit is contained in:
Jonathan Lebon 2021-04-27 14:09:10 -04:00 committed by GitHub
parent 0fcf4a3f30 0f3bccf640
commit 60c14240ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/libostree/ostree-fetcher-uri.c
View File

@ -117,3 +117,21 @@ _ostree_fetcher_uri_to_string (OstreeFetcherURI *uri)
{ {
return soup_uri_to_string ((SoupURI*)uri, FALSE); return soup_uri_to_string ((SoupURI*)uri, FALSE);
} }
/* Only accept http, https, and file; particularly curl has a ton of other
* backends like sftp that we don't want, and this also gracefully filters
* out invalid input.
*/
gboolean
_ostree_fetcher_uri_validate (OstreeFetcherURI *uri, GError **error)
{
const char *scheme = soup_uri_get_scheme ((SoupURI*)uri);
// TODO only allow file if explicitly requested by a higher level
if (!(g_str_equal (scheme, "http") || g_str_equal (scheme, "https") || g_str_equal (scheme, "file")))
{
g_autofree char *s = _ostree_fetcher_uri_to_string (uri);
return glnx_throw (error, "Invalid URI scheme in %s", s);
}
return TRUE;
}

3
src/libostree/ostree-fetcher.h
View File

@ -90,6 +90,9 @@ _ostree_fetcher_uri_get_path (OstreeFetcherURI *uri);
char * char *
_ostree_fetcher_uri_to_string (OstreeFetcherURI *uri); _ostree_fetcher_uri_to_string (OstreeFetcherURI *uri);
gboolean
_ostree_fetcher_uri_validate (OstreeFetcherURI *uri, GError **error);
GType _ostree_fetcher_get_type (void) G_GNUC_CONST; GType _ostree_fetcher_get_type (void) G_GNUC_CONST;
OstreeFetcher *_ostree_fetcher_new (int tmpdir_dfd, OstreeFetcher *_ostree_fetcher_new (int tmpdir_dfd,

3
src/libostree/ostree-repo-pull.c
View File

@ -3446,6 +3446,9 @@ compute_effective_mirrorlist (OstreeRepo *self,
if (!baseuri) if (!baseuri)
return FALSE; return FALSE;
if (!_ostree_fetcher_uri_validate (baseuri, error))
return FALSE;
*out_mirrorlist = *out_mirrorlist =
g_ptr_array_new_with_free_func ((GDestroyNotify) _ostree_fetcher_uri_free); g_ptr_array_new_with_free_func ((GDestroyNotify) _ostree_fetcher_uri_free);
g_ptr_array_add (*out_mirrorlist, g_steal_pointer (&baseuri)); g_ptr_array_add (*out_mirrorlist, g_steal_pointer (&baseuri));

12
tests/pull-test.sh
View File

@ -55,10 +55,10 @@ function verify_initial_contents() {
} }
if has_gpgme; then if has_gpgme; then
echo "1..36" echo "1..37"
else else
# 3 tests needs GPG support # 3 tests needs GPG support
echo "1..33" echo "1..34"
fi fi
# Try both syntaxes # Try both syntaxes
@ -142,6 +142,14 @@ ${CMD_PREFIX} ostree --repo=mirrorrepo pull origin main
${CMD_PREFIX} ostree --repo=mirrorrepo fsck ${CMD_PREFIX} ostree --repo=mirrorrepo fsck
echo "ok pull (refuses deltas)" echo "ok pull (refuses deltas)"
${CMD_PREFIX} ostree --repo=mirrorrepo remote add broken badscheme://something
if ${CMD_PREFIX} ostree --repo=mirrorrepo pull broken main 2>err.txt; then
assert_not_reached "pulled from invalid"
fi
assert_file_has_content_literal err.txt "Invalid URI scheme in badscheme://something"
${CMD_PREFIX} ostree --repo=mirrorrepo remote delete broken
echo "ok clean error on invalid scheme"
cd ${test_tmpdir} cd ${test_tmpdir}
rm mirrorrepo/refs/remotes/* -rf rm mirrorrepo/refs/remotes/* -rf
${CMD_PREFIX} ostree --repo=mirrorrepo prune --refs-only ${CMD_PREFIX} ostree --repo=mirrorrepo prune --refs-only