]> source.dussan.org Git - gitblit.git/commit
projects / gitblit.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 16ec6d0) | patch
fix: Fix StoredUserConfig not escaping control characters 1411/head
authorFlorian Zschocke <f.zschocke+git@gmail.com>
Sun, 13 Mar 2022 17:03:17 +0000 (18:03 +0100)
committerFlorian Zschocke <f.zschocke+git@gmail.com>
Sun, 13 Mar 2022 17:03:17 +0000 (18:03 +0100)
commit9b4afad6f4be212474809533ec2c280cce86501a
tree9dbdc1fe354efc77330589a52b75aedb49ab1428tree | snapshot
parent16ec6d07c58356d9b20652b5ae168ae9f0fd2eaacommit | diff
fix: Fix StoredUserConfig not escaping control characters

The `StoredUserConfig` only escaped the escape character, i.e. backslash.
But it does not escape control characters like tab or newline. This
introduces a vulnerability where an attacker can create new entries
in their user account and create new accounts.
In addition, other characters are also not properly handled. Field values
with a comment character need to be quoted. This only happens for the
`#` character and only when the value starts with it. Also the quote
is note escaped in values.

This change completely rewrites the `escape` method of `StoredUserConfig`.
It takes care of properly escaping characters that need escaping for the
git configuration file format.

This fixes #1410
src/main/java/com/gitblit/StoredUserConfig.java diff | blob | history
src/test/java/com/gitblit/StoredUserConfigTest.java diff | blob | history
Pure java git solution: https://github.com/gitblit-org/gitblit