summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-01-13ui-repolist: initialize char *buf to NULLChristian Hesse
readfile() can fail if the agefile is not readable. Make sure free() does not free an ininitialized string. Signed-off-by: Christian Hesse <mail@eworm.de>
2015-11-24filter: avoid integer overflow in authenticate_postJason A. Donenfeld
ctx.env.content_length is an unsigned int, coming from the CONTENT_LENGTH environment variable, which is parsed by strtoul. The HTTP/1.1 spec says that "any Content-Length greater than or equal to zero is a valid value." By storing this into an int, we potentially overflow it, resulting in the following bounding check failing, leading to a buffer overflow. Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-11-12about-formatting.sh: comment text out of dateJason A. Donenfeld
2015-10-12filters: port syntax-highlighting.py to python 3.xChristian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-12md2html: the default of stdin works fineJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-12filters: misc cleanupsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-12md2html: use pure pythonJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-10cache: fix resource leak: close file handle before returnChristian Hesse
Coverity-id: 13910 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10ui-atom: fix resource leak: free allocation from cgit_pageurlChristian Hesse
Coverity-id: 13945 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10ui-atom: fix resource leak: free before returnChristian Hesse
Coverity-id: 13946 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10ui-atom: fix resource leak: free allocation from cgit_repourlChristian Hesse
Coverity-id: 13947 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10ui-blob: fix resource leak: free before returnChristian Hesse
Coverity-id: 13944 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10ui-blob: fix resource leak: free before returnChristian Hesse
Coverity-id: 13943 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-plain: fix resource leak: free before assigning NULLChristian Hesse
Coverity-id: 13939 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-plain: fix resource leak: free before returnChristian Hesse
Coverity-id: 13940 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-repolist: fix resource leak: free allocation from cgit_currenturlChristian Hesse
Coverity-id: 13930 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-repolist: fix resource leak: free before returnChristian Hesse
Coverity-id: 13931 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09filters: Simplify convertersJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-09ui-shared: fix resource leak: free allocation from cgit_hosturlChristian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-shared: return value of cgit_hosturl is not constChristian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09cmd: fix resource leak: free allocation from cgit_currenturl and fmtallocChristian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-shared: fix resource leak: free allocation from cgit_currenturlChristian Hesse
Coverity-id: 13927 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-shared: return value of cgit_currenturl is not constChristian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-shared: fix resource leak: free allocation from cgit_fileurlChristian Hesse
Coverity-id: 13918 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-ssdiff: fix resource leak: free allocation from cgit_fileurlChristian Hesse
Coverity-id: 13929 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09ui-tree: fix resource leak: free before returnChristian Hesse
Coverity-id: 13938 Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09Avoid use of non-reentrant functionsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-09Makefile: fix MAKEFLAGS tests with multiple flagsJohn Keeping
findstring is defined as $(findstring FIND,IN) so if multiple flags are set these tests do the wrong thing unless $(MAKEFLAGS) is the second argument. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09ui-refs: remove useless null checkJohn Keeping
There is no way that "tag" can be null here. Coverity-id: 13950 Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09ui-blob: remove useless null checkJohn Keeping
We have already called strlen() on "path" by the time we get here, so we know it can't be null. Coverity-id: 13954 Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09scan-tree: remove useless strdup()John Keeping
parse_configfile() takes a "const char *" and doesn't hold any references to it after it returns; there is no reason to pass it a duplicate. Coverity-id: 13941 Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09cgit.c: remove useless null checkJohn Keeping
Everywhere else in this function we do not check whether the value is null and parse_configfile() never passes a null value to this callback. Coverity-id: 13846 Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-06git: update to v2.6.1Christian Hesse
Update to git version v2.6.1, no changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-17mime: rewrite detection functionJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-08-17ui-summary: send images plain for about pageChristian Hesse
The about page used to display just fine, but images were broken: The binary image data was embedded in html code. Use cgit_print_plain() to send images in plain mode and make them available on about page. Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-17refactor get_mimetype_from_file() to get_mimetype_for_filename()Christian Hesse
* handle mimetype within a single function * return allocated memory on success Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-17move get_mimetype_from_file() to sharedChristian Hesse
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-14cmd: fix command definitionJohn Keeping
The previous commit removed the "pre" field from "struct cgit_cmd" but forgot to update this macro. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
2015-08-14cmd: no need for pre function hook nowJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-08-14ui-shared: cache errors for "dynamic TTL"John Keeping
Most errors we generate are (potentially) transient, such as non-existent object IDs so we don't want them to be cached forever. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14cmd: remove "want_layout" fieldJohn Keeping
No commands use this any more. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14tree: move layout into page functionJohn Keeping
This also allows us to return proper HTTP error codes when the requested tree is not found and display an error message in one case (invalid path inside valid commit) where we previously just displayed an empty page. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14tag: move layout into page functionJohn Keeping
This also allows us to return proper HTTP error codes when something goes wrong. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14summary: move layout into page functionJohn Keeping
Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14stats: move layout into page functionJohn Keeping
This also allows us to return proper HTTP error codes for invalid requests. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14refs: move layout to page functionJohn Keeping
Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14log: move layout into page functionJohn Keeping
Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14diff: move layout to page functionJohn Keeping
The existing "show_ctrls" flag is used to control whether we are running in an existing page or control the page ourselves. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14commit: move layout into page functionJohn Keeping
This allows us to return a proper HTTP status code when an object is not found by switching from cgit_print_error() to cgit_print_error_page(). Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14about: move layout into page functionsJohn Keeping
Signed-off-by: John Keeping <john@keeping.me.uk>