path: root/src/main/java/com/gitblit/models
author: Florian Zschocke <f.zschocke+git@gmail.com> 2022-03-13 18:03:17 +0100
committer: Florian Zschocke <f.zschocke+git@gmail.com> 2022-03-13 18:03:17 +0100
commit: 9b4afad6f4be212474809533ec2c280cce86501a (patch)
tree: 9dbdc1fe354efc77330589a52b75aedb49ab1428 /src/main/java/com/gitblit/models
parent: 16ec6d07c58356d9b20652b5ae168ae9f0fd2eaa (diff)
download: gitblit-9b4afad6f4be212474809533ec2c280cce86501a.tar.gz
          gitblit-9b4afad6f4be212474809533ec2c280cce86501a.zip
fix: Fix StoredUserConfig not escaping control characters
The `StoredUserConfig` only escaped the escape character, i.e. backslash. But it does not escape control characters like tab or newline. This introduces a vulnerability where an attacker can create new entries in their user account and create new accounts.

In addition, other characters are also not properly handled. Field values with a comment character need to be quoted. This only happens for the `#` character and only when the value starts with it. Also the quote is not escaped in values.

This change completely rewrites the `escape` method of `StoredUserConfig`. It takes care of properly escaping characters that need escaping for the git configuration file format.

This fixes #1410
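The escaping rules the commit message lists (backslash, control characters such as tab and newline, the quote, and quoting of values that contain a comment character) are shown below in an illustrative Java routine written for this page. It is not Gitblit's `StoredUserConfig` code and makes no claim about that class's exact output; the class, method and sample field names are assumptions. The point for a reviewer is the invariant the fixed code must hold: one stored value occupies exactly one line of the config file, so a value carrying a newline can never become a new key or section.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Illustrative git-config value escaping written for this note; not Gitblit's code.
public final class GitConfigEscapeExample {

    /** Escape a value so that it is written as exactly one git config line. */
    static String escapeValue(String value) {
        if (value == null || value.isEmpty()) {
            return "\"\"";  // an empty value has to be written as a pair of quotes
        }
        // The parser trims unquoted leading/trailing whitespace, so such values need quotes.
        boolean needQuote = Character.isWhitespace(value.charAt(0))
                || Character.isWhitespace(value.charAt(value.length() - 1));
        StringBuilder sb = new StringBuilder(value.length() + 2);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\\\"); break;  // the escape character itself
                case '"':  sb.append("\\\""); break;  // must not terminate a quoted value early
                case '\n': sb.append("\\n");  break;  // a raw newline would start a new line/key
                case '\t': sb.append("\\t");  break;
                case '\b': sb.append("\\b");  break;
                case '#':
                case ';':
                    needQuote = true;  // comment characters are literal only inside quotes
                    sb.append(c);
                    break;
                default:
                    if (c < 0x20 || c == 0x7f) {
                        // git config defines no escape for other control characters: reject
                        throw new IllegalArgumentException(
                                String.format("control character U+%04X cannot be stored", (int) c));
                    }
                    sb.append(c);
            }
        }
        return needQuote ? "\"" + sb + "\"" : sb.toString();
    }

    /** Subsection names allow only backslash and quote escapes; newline/NUL are invalid. */
    static String escapeSubsection(String name) {
        StringBuilder sb = new StringBuilder(name.length());
        for (char c : name.toCharArray()) {
            if (c == '\n' || c == '\0') {
                throw new IllegalArgumentException("newline or NUL not allowed in subsection name");
            }
            if (c == '\\' || c == '"') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Render one [section "subsection"] block with its key = value lines. */
    static String renderSection(String section, String subsection, Map<String, String> fields) {
        StringBuilder out = new StringBuilder();
        out.append('[').append(section).append(" \"").append(escapeSubsection(subsection)).append("\"]\n");
        for (Map.Entry<String, String> e : fields.entrySet()) {
            out.append('\t').append(e.getKey()).append(" = ").append(escapeValue(e.getValue())).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample (assumed field names): a display name that carries a newline,
        // a tab, a quote and a comment character, plus a plain value.
        Map<String, String> fields = new LinkedHashMap<>();
        fields.put("displayName", "Jane \"JD\" Doe\n\tinjectedKey = value # not a comment");
        fields.put("emailAddress", "jane@example.invalid");
        String rendered = renderSection("user", "jane", fields);
        System.out.print(rendered);
        // Invariant: the header plus one line per field, nothing more.
        int lines = rendered.split("\n").length;
        if (lines != 1 + fields.size()) {
            throw new IllegalStateException("value escaped onto more than one line: " + lines);
        }
    }
}
```

Running `main` prints the section with the display name written as a single quoted line, `\n`, `\t` and `\"` appearing as escape sequences and the `#` left literal inside the quotes; the check at the end fails only if a value ever spans more than one line. Control characters that git's config format cannot represent are rejected rather than passed through, which is the safer choice for data that is later read back by a parser.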
Diffstat (limited to 'src/main/java/com/gitblit/models')
0 files changed, 0 insertions, 0 deletions