* [PATCH 1/2] http-backend: CGI error messages need to be output on stdout
From: Jan Engelhardt @ 2021-12-02 0:12 UTC (permalink / raw)
To: git
Accessing a clone-only URL with a browser would always show a blank
page, because the reason string "Request is not supported" was
sent to the wrong file descriptor.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
---
http-backend.c | 4 ++--
t/t5561-http-backend.sh | 46 ++++++++++++++++++++---------------------
2 files changed, 25 insertions(+), 25 deletions(-)
diff --git http-backend.c http-backend.c
index 3d6e2ff17f..8f1b69d127 100644
--- http-backend.c
+++ http-backend.c
@@ -134,7 +134,7 @@ static NORETURN void not_found(struct strbuf *hdr, const char *err, ...)
va_start(params, err);
if (err && *err)
- vfprintf(stderr, err, params);
+ vprintf(err, params);
va_end(params);
exit(0);
}
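Review bot: sending the formatted message to stdout makes every not_found() caller's format string visible to the remote user, so the call sites need an audit before this goes in; the reply in this thread already singles out `not_found(hdr, "Cannot open '%s': %s", p, strerror(errno));`, which would now hand a server-side path plus errno text to the client. The stderr copy was also the only trace of the failure in the web server's error log; rather than replacing `vfprintf(stderr, err, params);` outright, consider keeping it for the log and printing a separate, sanitised message to stdout for the client. The commit message should say that the body is now deliberately client-visible so reviewers of future call sites know the rule.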
@@ -150,7 +150,7 @@ static NORETURN void forbidden(struct strbuf *hdr, const char *err, ...)
va_start(params, err);
if (err && *err)
- vfprintf(stderr, err, params);
+ vprintf(err, params);
va_end(params);
exit(0);
}
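Review bot: same concern as for not_found(): the forbidden() messages now reach the client, and the reply lists `forbidden(hdr, "Unsupported service: '%s'", name);` where `name` is request-supplied, so request input gets reflected into the response body. That is only safe if the headers in `hdr` declare the body as text/plain, which this hunk does not show; please confirm. Style: the two functions now share an identical body apart from the status line, and a small shared helper would avoid maintaining the same stderr/stdout decision twice.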
diff --git t/t5561-http-backend.sh t/t5561-http-backend.sh
index 9c57d84315..d8add36fb4 100755
--- t/t5561-http-backend.sh
+++ t/t5561-http-backend.sh
@@ -44,7 +44,7 @@ grep '^[^#]' >exp <<EOF
### refs/heads/main
###
-GET /smart/repo.git/refs/heads/main HTTP/1.1 404 -
+GET /smart/repo.git/refs/heads/main HTTP/1.1 404
### getanyfile default
###
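Review bot: the commit message does not explain why every 404/403 expectation loses its trailing `-`. The trailing field appears to be the response-size column of the access log, which was `-` while the error responses had no body and which the test helper strips once it is numeric; a sentence in the commit message saying that the expected log lines change because the error responses now carry a body would make this hunk and the following ones self-explanatory.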
@@ -59,14 +59,14 @@ GET /smart/repo.git/$IDX_URL HTTP/1.1 200
### no git-daemon-export-ok
###
-GET /smart_noexport/repo.git/HEAD HTTP/1.1 404 -
-GET /smart_noexport/repo.git/info/refs HTTP/1.1 404 -
-GET /smart_noexport/repo.git/objects/info/packs HTTP/1.1 404 -
-GET /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 404 -
-GET /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 404 -
-GET /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 404 -
-GET /smart_noexport/repo.git/$PACK_URL HTTP/1.1 404 -
-GET /smart_noexport/repo.git/$IDX_URL HTTP/1.1 404 -
+GET /smart_noexport/repo.git/HEAD HTTP/1.1 404
+GET /smart_noexport/repo.git/info/refs HTTP/1.1 404
+GET /smart_noexport/repo.git/objects/info/packs HTTP/1.1 404
+GET /smart_noexport/repo.git/objects/info/alternates HTTP/1.1 404
+GET /smart_noexport/repo.git/objects/info/http-alternates HTTP/1.1 404
+GET /smart_noexport/repo.git/$LOOSE_URL HTTP/1.1 404
+GET /smart_noexport/repo.git/$PACK_URL HTTP/1.1 404
+GET /smart_noexport/repo.git/$IDX_URL HTTP/1.1 404
### git-daemon-export-ok
###
@@ -92,14 +92,14 @@ GET /smart/repo.git/$IDX_URL HTTP/1.1 200
### getanyfile false
###
-GET /smart/repo.git/HEAD HTTP/1.1 403 -
-GET /smart/repo.git/info/refs HTTP/1.1 403 -
-GET /smart/repo.git/objects/info/packs HTTP/1.1 403 -
-GET /smart/repo.git/objects/info/alternates HTTP/1.1 403 -
-GET /smart/repo.git/objects/info/http-alternates HTTP/1.1 403 -
-GET /smart/repo.git/$LOOSE_URL HTTP/1.1 403 -
-GET /smart/repo.git/$PACK_URL HTTP/1.1 403 -
-GET /smart/repo.git/$IDX_URL HTTP/1.1 403 -
+GET /smart/repo.git/HEAD HTTP/1.1 403
+GET /smart/repo.git/info/refs HTTP/1.1 403
+GET /smart/repo.git/objects/info/packs HTTP/1.1 403
+GET /smart/repo.git/objects/info/alternates HTTP/1.1 403
+GET /smart/repo.git/objects/info/http-alternates HTTP/1.1 403
+GET /smart/repo.git/$LOOSE_URL HTTP/1.1 403
+GET /smart/repo.git/$PACK_URL HTTP/1.1 403
+GET /smart/repo.git/$IDX_URL HTTP/1.1 403
### uploadpack default
###
@@ -113,13 +113,13 @@ POST /smart/repo.git/git-upload-pack HTTP/1.1 200 -
### uploadpack false
###
-GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1 403 -
-POST /smart/repo.git/git-upload-pack HTTP/1.1 403 -
+GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1 403
+POST /smart/repo.git/git-upload-pack HTTP/1.1 403
### receivepack default
###
-GET /smart/repo.git/info/refs?service=git-receive-pack HTTP/1.1 403 -
-POST /smart/repo.git/git-receive-pack HTTP/1.1 403 -
+GET /smart/repo.git/info/refs?service=git-receive-pack HTTP/1.1 403
+POST /smart/repo.git/git-receive-pack HTTP/1.1 403
### receivepack true
###
@@ -128,8 +128,8 @@ POST /smart/repo.git/git-receive-pack HTTP/1.1 200 -
### receivepack false
###
-GET /smart/repo.git/info/refs?service=git-receive-pack HTTP/1.1 403 -
-POST /smart/repo.git/git-receive-pack HTTP/1.1 403 -
+GET /smart/repo.git/info/refs?service=git-receive-pack HTTP/1.1 403
+POST /smart/repo.git/git-receive-pack HTTP/1.1 403
EOF
test_expect_success 'server request log matches test results' '
check_access_log exp
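Review bot: the test changes only adjust the access-log expectations; nothing asserts that the error text actually reaches the client, which is the behaviour the commit message says was broken. A test that requests one of the 404 or 403 URLs above and checks the response body for the "not supported" or "Unsupported service" text would pin the fix down and would catch a regression to stderr.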
--
2.34.0
* [PATCH 2/2] http-backend: give a hint that web browser access is not supported
From: Jan Engelhardt @ 2021-12-02 0:12 UTC (permalink / raw)
To: git
Add a paragraph that browsing to http-backend is not something
that should normally be done. If a webserver is configured to
unconditionally pass requests to git-http-backend, without any
diversion to a gitweb frontend, it is helpful to at least be told this.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
---
http-backend.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git http-backend.c http-backend.c
index 8f1b69d127..06e17d45a4 100644
--- http-backend.c
+++ http-backend.c
@@ -775,8 +775,15 @@ int cmd_main(int argc, const char **argv)
regfree(&re);
}
- if (!cmd)
- not_found(&hdr, "Request not supported: '%s'", dir);
+ if (!cmd) {
+ const char *hint = "";
+ if (strcmp(method, "GET") == 0)
+ hint = "You cannot use regular web browsing to access "
+ "this URL. Only git operations like "
+ "clone/ls-remote/etc. will work.\n";
+ not_found(&hdr, "%s request not supported on '%s'.\n%s",
+ method, dir, hint);
+ }
setup_path();
if (!enter_repo(dir, 0))
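Review bot: `dir` is echoed into the body that, after patch 1, goes to the client, and the trailing context `if (!enter_repo(dir, 0))` shows it is the server-side repository path, so every unsupported request now discloses the filesystem layout; the path-leak concern raised in the reply to patch 1 applies directly here. Report the requested URL instead, or keep the path only in the stderr log line. `method` is likewise reflected verbatim, which is fine only if the response is sent as text/plain; the hunk does not show the header. Minor: the hint is tied to `strcmp(method, "GET") == 0`, so a browser issuing HEAD still gets no explanation.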
--
2.34.0
* Re: [PATCH 1/2] http-backend: CGI error messages need to be output on stdout
From: Junio C Hamano @ 2021-12-02 7:31 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: git
Jan Engelhardt <jengelh@inai.de> writes:
> Accessing a clone-only URL with a browser would always show a blank
> page, because the reason string "Request is not supported" was
"is not supported" -> "not supported", I think.
> sent to the wrong file descriptor.
I looked at the messages given to not_found() and forbidden(). Most
of them do look like they are meant to be given to the remote user,
but some reveal the server side paths, and I am reluctant to judge
the security implication to start giving them, which have been
hidden so far, to the remote users.
I am not sure how strictly it is enforced these days, but at least
in early days we were fairly paranoid and aimed to make sure that a
remote user cannot tell a repository that does not exist from a
repository that the user does not have access to by throwing random
requests at the server.
http-backend.c:161: forbidden(hdr, "Unsupported service: getanyfile");
This one should be safe, I would think.
http-backend.c:184: not_found(hdr, "Cannot open '%s': %s", p, strerror(errno));
The 'p' is a path to a file in the repository like
'objects/alternates', that is ready to be given to open(2), so it
clearly leaks the path on the server.
http-backend.c:260: forbidden(hdr, "Unsupported service: '%s'", name);
http-backend.c:271: forbidden(hdr, "Unsupported service: '%s'", name);
http-backend.c:278: forbidden(hdr, "Service not enabled: '%s'", svc->name);
These I think should be benign, but I have to admit that I didn't
think too deep about them.