diff options
| author | KN4CK3R <admin@oldschoolhack.me> | 2023-08-05 10:59:52 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-05 10:59:52 +0200 |
| commit | 2d3924d0e7c7fd164789b691168cead2d0171bc4 (patch) | |
| tree | 0a09bda9407e7b65f14d1a20717ede1025783fc5 | |
| parent | 9a8af925774327d96953a53c22efc42f24570b91 (diff) | |
| download | gitea-2d3924d0e7c7fd164789b691168cead2d0171bc4.tar.gz gitea-2d3924d0e7c7fd164789b691168cead2d0171bc4.zip | |
Prevent newline errors with Debian packages (#26332)
Fixes #26313
| -rw-r--r-- | modules/packages/debian/metadata.go | 21 | ||||
| -rw-r--r-- | services/packages/debian/repository.go | 2 |
2 files changed, 12 insertions, 11 deletions
diff --git a/modules/packages/debian/metadata.go b/modules/packages/debian/metadata.go index bb77f7524b..32460a84ae 100644 --- a/modules/packages/debian/metadata.go +++ b/modules/packages/debian/metadata.go @@ -172,19 +172,10 @@ func ParseControlFile(r io.Reader) (*Package, error) { value := strings.TrimSpace(parts[1]) switch key { case "Package": - if !namePattern.MatchString(value) { - return nil, ErrInvalidName - } p.Name = value case "Version": - if !versionPattern.MatchString(value) { - return nil, ErrInvalidVersion - } p.Version = value case "Architecture": - if value == "" { - return nil, ErrInvalidArchitecture - } p.Architecture = value case "Maintainer": a, err := mail.ParseAddress(value) @@ -208,13 +199,23 @@ func ParseControlFile(r io.Reader) (*Package, error) { return nil, err } + if !namePattern.MatchString(p.Name) { + return nil, ErrInvalidName + } + if !versionPattern.MatchString(p.Version) { + return nil, ErrInvalidVersion + } + if p.Architecture == "" { + return nil, ErrInvalidArchitecture + } + dependencies := strings.Split(depends.String(), ",") for i := range dependencies { dependencies[i] = strings.TrimSpace(dependencies[i]) } p.Metadata.Dependencies = dependencies - p.Control = control.String() + p.Control = strings.TrimSpace(control.String()) return p, nil } diff --git a/services/packages/debian/repository.go b/services/packages/debian/repository.go index 37ba47bdc3..be82fbed6e 100644 --- a/services/packages/debian/repository.go +++ b/services/packages/debian/repository.go @@ -212,7 +212,7 @@ func buildPackagesIndices(ctx context.Context, ownerID int64, repoVersion *packa } addSeparator = true - fmt.Fprint(w, pfd.Properties.GetByName(debian_module.PropertyControl)) + fmt.Fprintf(w, "%s\n", strings.TrimSpace(pfd.Properties.GetByName(debian_module.PropertyControl))) fmt.Fprintf(w, "Filename: pool/%s/%s/%s\n", distribution, component, pfd.File.Name) fmt.Fprintf(w, "Size: %d\n", pfd.Blob.Size) |