Andrew's git
/
gitweb.git
/ diff
summary
|
log
|
commit
| diff |
tree
commit
grep
author
committer
pickaxe
?
re
daemon: do not forbid user relative paths unconditionally under --base-path
author
Junio C Hamano
<junkio@cox.net>
Sat, 4 Feb 2006 07:50:55 +0000
(23:50 -0800)
committer
Junio C Hamano
<junkio@cox.net>
Mon, 6 Feb 2006 00:51:01 +0000
(16:51 -0800)
Using base-path to relocate the server public space does not
have anything to do with allowing or forbidding user relative
paths.
Signed-off-by: Junio C Hamano <junkio@cox.net>
daemon.c
patch
|
blob
|
history
raw
|
patch
|
inline
| side by side (parent:
df9892f
)
diff --git
a/daemon.c
b/daemon.c
index 532bb0c325fd07e13360389297807a19a11ee33e..324bb04da22e6fcd39a1932c1a775b859aeeb425 100644
(file)
--- a/
daemon.c
+++ b/
daemon.c
@@
-145,13
+145,17
@@
static char *path_ok(char *dir)
if (base_path) {
static char rpath[PATH_MAX];
if (base_path) {
static char rpath[PATH_MAX];
- if (*dir != '/') {
- /* Forbid possible base-path evasion using ~paths. */
+ if (!strict_paths && *dir == '~')
+ ; /* allow user relative paths */
+ else if (*dir != '/') {
+ /* otherwise allow only absolute */
logerror("'%s': Non-absolute path denied (base-path active)", dir);
return NULL;
}
logerror("'%s': Non-absolute path denied (base-path active)", dir);
return NULL;
}
- snprintf(rpath, PATH_MAX, "%s%s", base_path, dir);
- dir = rpath;
+ else {
+ snprintf(rpath, PATH_MAX, "%s%s", base_path, dir);
+ dir = rpath;
+ }
}
path = enter_repo(dir, strict_paths);
}
path = enter_repo(dir, strict_paths);