authorstypr <me@harold.kim>2020-11-27 19:52:42 +0900
committerGitHub <noreply@github.com>2020-11-27 18:52:42 +0800
commitcd469f7a1dcff9f6d7a7ef2fbc76fd7ba0fceed7 (patch)
tree80317216e9d51f940e757b10e4cba35e9c872358 /internal
parentc7f58ca8703fcdd56c2db74361addb8f16d39b0c (diff)
repo: disallow urlencoded new lines in git protocol paths (#6420)
Co-authored-by: ᴜɴᴋɴᴡᴏɴ <u@gogs.io>
Diffstat (limited to 'internal')
-rw-r--r--internal/form/repo.go4
1 files changed, 4 insertions, 0 deletions
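diff --git a/internal/form/repo.go b/internal/form/repo.go
index 26acb2bf..ed963307 100644
--- a/internal/form/repo.go
+++ b/internal/form/repo.go
@@ -72,6 +72,10 @@ func (f MigrateRepo) ParseRemoteAddr(user *db.User) (string, error) {
 if len(f.AuthUsername)+len(f.AuthPassword) > 0 {
 u.User = url.UserPassword(f.AuthUsername, f.AuthPassword)
 }
+ // To prevent CRLF injection in git protocol, see https://github.com/gogs/gogs/issues/6413
+ if u.Scheme == "git" && (strings.Contains(remoteAddr, "%0d") || strings.Contains(remoteAddr, "%0a")) {
+ return "", db.ErrInvalidCloneAddr{IsURLError: true}
+ }
 remoteAddr = u.String()
 } else if !user.CanImportLocal() {
 return "", db.ErrInvalidCloneAddr{IsPermissionDenied: true}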
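Review bot: The new guard on the `if u.Scheme == "git"` line only matches the lowercase encodings `%0d` and `%0a`, but percent-encoding is case-insensitive, so `%0D`, `%0A` or mixed-case forms pass the check and still decode to CR/LF downstream. Since `u` appears to be the parsed form of `remoteAddr` (the `url.Parse` call sits above the hunk), testing the already-decoded path is both simpler and encoding-agnostic: `if u.Scheme == "git" && strings.ContainsAny(u.Path, "\r\n") {`. If the query string is also forwarded to the git transport, its decoded form (`u.Query()`) would need the same treatment; I cannot tell from the hunk whether it is. A regression test feeding an uppercase-encoded address would pin this. ParseRemoteAddr's body begins and ends outside the hunk.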