projects / ostree.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bed931c) | patch
core: Sanitize error text validating refs (e.g. against HTML)
authorColin Walters <walters@verbum.org>
Wed, 19 Jul 2017 09:47:33 +0000 (05:47 -0400)
committerAtomic Bot <atomic-devel@projectatomic.io>
Wed, 19 Jul 2017 14:45:57 +0000 (14:45 +0000)
commitc740b7f6d2310105b1a978aa7448d529bacad0c9
tree421c89b763ce34ebe3c06fc079438f614ff570b9tree | snapshot
parentbed931c91f4e5471bbb9f0b5f6bfe3e166858da7commit | diff
core: Sanitize error text validating refs (e.g. against HTML)

See: https://github.com/projectatomic/rpm-ostree/issues/885

If we get a successful Apache directory listing HTML when fetching what we
intend to be a ref, we'd dump the HTML into the error.

I did some scanning of the pull code, and this was the only case
I saw offhand where we were dumping text out into an error.  Which
makes sense, since most of our formats are binary, the exeptions I
think are just `repo/config` and `repo/refs/`.

Closes: #1015
Approved by: mbarnes
src/libostree/ostree-core.c diff | blob | history
src/libostree/ostree-repo-pull.c diff | blob | history
tests/pull-test.sh diff | blob | history
tests/test-delta.sh diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.