gotwebd: don't use NULL pointer in *printf(3) calls

From:: Mark Jamsek <mark@jamsek.com>
Subject:: gotwebd: don't use NULL pointer in *printf(3) calls
To:: gameoftrees@openbsd.org
Date:: Sun, 24 Nov 2024 16:47:47 +1100

Download raw body.

Thread

2024-11-24 05:47 Mark Jamsek:
gotwebd: don't use NULL pointer in *printf(3) calls
- 2024-11-24 13:09 Stefan Sperling:
  gotwebd: don't use NULL pointer in *printf(3) calls
- 2024-11-24 14:09 Omar Polo:
  gotwebd: don't use NULL pointer in *printf(3) calls

The below diff avoids some undefined behaviour where we pass a NULL
pointer to a series of printf(3) functions when the query string to
gotwebd does not contain a path parameter. This was found thanks to
a report from Mischa shared by stsp on IRC.


commit 6c3c9861fa886ed16cba03b9d9df4744979dc300
from: Mark Jamsek <mark@jamsek.dev>
date: Sun Nov 24 05:14:25 2024 UTC

gotwebd: fix UB when path param is not in query

Don't pass NULL as a *printf(3) %s conversion specifier argument.
If the path parameter is not defined, return repo not found error.

M  gotwebd/gotweb.c  |  3+  0-

1 file changed, 3 insertions(+), 0 deletions(-)

commit - b68e64b1d55c9b06ac807e265083267f655ad65c
commit + 6c3c9861fa886ed16cba03b9d9df4744979dc300
blob - cc06209b1e8c52eb8460afa45b05725c2650d9e2
blob + 8cb8b818f4c6074b02022a654a94701232e3456b
--- gotwebd/gotweb.c
+++ gotwebd/gotweb.c
@@ -1069,6 +1069,9 @@ gotweb_load_got_path(struct repo_dir **rp, const char 
 	DIR *dt;
 	char *dir_test;
 
+	if (dir == NULL)
+		return got_error(GOT_ERR_NOT_GIT_REPO);
+
 	*rp = calloc(1, sizeof(**rp));
 	if (*rp == NULL)
 		return got_error_from_errno("calloc");


-- 
Mark Jamsek <https://bsdbox.org>
GPG: F2FF 13DE 6A06 C471 CA80  E6E2 2930 DC66 86EE CF68

2024-11-24 05:47 Mark Jamsek:
gotwebd: don't use NULL pointer in *printf(3) calls
- 2024-11-24 13:09 Stefan Sperling:
  gotwebd: don't use NULL pointer in *printf(3) calls
- 2024-11-24 14:09 Omar Polo:
  gotwebd: don't use NULL pointer in *printf(3) calls