<div dir="auto">Excellent. Running AFL on cgit is a great idea. I'll merge and review when I'm back at my desk on Tuesday.</div><div class="gmail_extra"><br><div class="gmail_quote">On Feb 19, 2017 12:45, "John Keeping" <<a href="mailto:john@keeping.me.uk">john@keeping.me.uk</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I set AFL [0] loose on CGit's URL input yesterday and it managed to find<br>
one issue that leads to a segfault via a null dereference.<br>
<br>
Either the first or the third patch fixes the segfault, but I much<br>
prefer the first as a solid fix; the third is a bit too subtle as a way<br>
to ensure that the necessary invariant holds.<br>
<br>
The second patch also fixes the route that AFL found (although it's<br>
possible to get the same effect using broken-out query parameters like<br>
"?p=log&path=foo"), but I'm including it because it seems to make sense to<br>
use the value of the final "url" parameter we receive fully rather than<br>
some combination of that and a previous URL.<br>
<br>
[0] <a href="http://lcamtuf.coredump.cx/afl/" rel="noreferrer" target="_blank">http://lcamtuf.coredump.cx/afl/</a><br>
<br>
John Keeping (3):<br>
ui-shared: don't print path crumbs without a repo<br>
parsing: clear query path before starting<br>
cgit: don't set vpath unless repo is set<br>
<br>
cgit.c | 12 ++++++------<br>
parsing.c | 2 +-<br>
ui-shared.c | 2 +-<br>
3 files changed, 8 insertions(+), 8 deletions(-)<br>
<font color="#888888"><br>
--<br>
2.12.0.rc2.230.ga28edc07cd<br>
<br>
_______________________________________________<br>
CGit mailing list<br>
<a href="mailto:CGit@lists.zx2c4.com">CGit@lists.zx2c4.com</a><br>
<a href="https://lists.zx2c4.com/mailman/listinfo/cgit" rel="noreferrer" target="_blank">https://lists.zx2c4.com/mailman/listinfo/cgit</a><br>
</font></blockquote></div><br></div>