gotwebd: guard against missing qs->file

From:: Omar Polo <op@omarpolo.com>
Subject:: Re: gotwebd: guard against missing qs->file
To:: Stefan Sperling <stsp@stsp.name>
Cc:: gameoftrees@openbsd.org
Date:: Mon, 29 Jan 2024 14:52:04 +0100

Download raw body.

Thread

2024-01-29 12:52 Omar Polo:
gotwebd: guard against missing qs->file
- 2024-01-29 13:20 Stefan Sperling:
  gotwebd: guard against missing qs->file
- - 2024-01-29 13:52 Omar Polo:
    gotwebd: guard against missing qs->file
  - - 2024-01-29 13:59 Stefan Sperling:
      gotwebd: guard against missing qs->file
    - - 2024-01-30 09:49 Omar Polo:
        gotwebd: guard against missing qs->file

On 2024/01/29 14:20:43 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> On Mon, Jan 29, 2024 at 01:52:30PM +0100, Omar Polo wrote:
> > @@ -218,6 +223,10 @@ gotweb_process_request(struct request *c)
> >  
> >  	switch (qs->action) {
> >  	case BLAME:
> > +		if (qs->folder == NULL || qs->file == NULL) {
> 
> This change introduces a small inconsistency:
> qs->folder is allowed to be NULL in got_output_file_blame() which now
> becomes impossible to reach.

I realized it, but now we seem to always emit a folder parameter[1], maybe
empty, so I was considering being more strict here.

I think got_oput_file_blame() did it either to be pedantic against bad
input or because before folder was not always set.

[1]: there is one case in the tree code that emits a BLOB url and I'm
     not sure if `folder' has to be set at that point.

I can remove the qs->folder check if you prefer.

> > +			error = got_error(GOT_ERR_BAD_QUERYSTRING);
> > +			goto err;
> > +		}

2024-01-29 12:52 Omar Polo:
gotwebd: guard against missing qs->file
- 2024-01-29 13:20 Stefan Sperling:
  gotwebd: guard against missing qs->file
- - 2024-01-29 13:52 Omar Polo:
    gotwebd: guard against missing qs->file
  - - 2024-01-29 13:59 Stefan Sperling:
      gotwebd: guard against missing qs->file
    - - 2024-01-30 09:49 Omar Polo:
        gotwebd: guard against missing qs->file