new deploy: 2022-10-17T07:34:40+00:00
parent
3f96458dc0
commit
f9a78e3d94
|
@ -0,0 +1,327 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width" />
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
|
||||
<link rel="manifest" href="/site.webmanifest" />
|
||||
<link rel="me" href="https://pouet.chapril.org/@gna" />
|
||||
<link rel="stylesheet" href="https://gna.org/main.css" />
|
||||
<link
|
||||
rel="stylesheet"
|
||||
media="screen and (max-width: 1300px)"
|
||||
href="https://gna.org/mobile.css"
|
||||
/>
|
||||
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="https://gna.org/main.css" />
|
||||
<link
|
||||
rel="stylesheet"
|
||||
media="screen and (max-width: 1300px)"
|
||||
href="https://gna.org/mobile.css"
|
||||
/>
|
||||
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained | Gna!: Managed Gitea Hosting </title>
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
<meta name="description" content="." />
|
||||
|
||||
|
||||
<meta property="og:title" content="[security] Gitea < 1.17.3 git option injection explained | Gna!: Managed Gitea Hosting " />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://gna.org" />
|
||||
|
||||
<meta property="og:description" content="." />
|
||||
<meta
|
||||
property="og:site_name"
|
||||
content="[security] Gitea < 1.17.3 git option injection explained | Gna!: Managed Gitea Hosting "
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="57x57"
|
||||
href="https://gna.org/apple-icon-57x57.png?h=c21de14cfdf862a6472ae977557fa048a7c36d39337e61d3274705e9bd8e857f"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="60x60"
|
||||
href="https://gna.org/apple-icon-60x60.png?h=67089d9025a52d0d1ddce450078c7acefe2c150a2427dec9f5e13c6314f74281"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="72x72"
|
||||
href="https://gna.org/apple-icon-72x72.png?h=70725943de8884804f9da28202ced0ad6fed483ae9cf8f6d874aa133e30cb693"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="76x76"
|
||||
href="https://gna.org/apple-icon-76x76.png?h=1e6e8072df3b21bdcea254a42aac6e993611e845f91ddd79f6f35a6c441710a5"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="114x114"
|
||||
href="https://gna.org/apple-icon-114x114.png?h=c20099f8190ed3962fab5726c5594857a871cdb3ee98439343c622cd3727fed6"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="120x120"
|
||||
href="https://gna.org/apple-icon-120x120.png?h=4df78e402e60b58c6d44764678bdd737b5b6a836aeb85fb75fa49f706f7e8c81"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="144x144"
|
||||
href="https://gna.org/apple-icon-144x144.png?h=0c44e6655d714f89ee95cc151032d1f0dc3204bd24d1ca2ee9d94692d4ede84d"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="152x152"
|
||||
href="https://gna.org/apple-icon-152x152.png?h=157918f883ff95d4eeb6452d0ebb61ca5e21ea0dcac1aefe825f3e2f3999052f"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="180x180"
|
||||
href="https://gna.org/apple-icon-180x180.png?h=7d5c16d379b7db6d8ea5aae64921d7162b84f543763acd8fc7c107f80a600213"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="192x192"
|
||||
href="https://gna.org/android-icon-192x192.png?h=095e3835b082dba07f606c33fa6f71bcd671a71e987b0ab2e46dcddceef52b9c"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="32x32"
|
||||
href="https://gna.org/favicon-32x32.png?h=1bf54bf111572b1d1639192b5360ee4345f702e563aa71bb66610a95a7290437"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="96x96"
|
||||
href="https://gna.org/favicon-96x96.png?h=5a6ed96c09f5055526e3b236867a1272a26f7ba957d48b267bccd51ef0845fbe"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="16x16"
|
||||
href="https://gna.org/favicon-16x16.png?h=1e5fa59ae78516055f662e40bb2599dc3828a7adb34567e9d8d2cfcaa6b7aa5f"
|
||||
/>
|
||||
<link
|
||||
rel="manifest"
|
||||
href="https://gna.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
|
||||
/>
|
||||
<meta name="msapplication-TileColor" content="#ffffff" />
|
||||
<meta
|
||||
name="msapplication-TileImage"
|
||||
content="https://gna.org/ms-icon-144x144.png?h=8170ab51b871b84b8f98bd03cf441afdffb2998b7dfffb04abb7ebf5deeb1f94"
|
||||
/>
|
||||
<meta name="theme-color" content="#ffffff" />
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
|
||||
|
||||
|
||||
</head>
|
||||
<body class="base">
|
||||
<header>
|
||||
<nav class="nav__container">
|
||||
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
|
||||
|
||||
<div class="nav__header">
|
||||
<a class="nav__logo-container" href="/">
|
||||
|
||||
<img src="https://gna.org/gna-logo-rectangle-48px.png?h=ba9eab043277265f94c51b87d5e14f9ca35789403ecb8afc9bd1e33b13c6a2a5" alt="Gna!"/>
|
||||
</a>
|
||||
<label class="nav__hamburger-menu" for="nav__toggle">
|
||||
<span class="nav__hamburger-inner"></span>
|
||||
</label>
|
||||
</div>
|
||||
<div class="nav__spacer--small"></div>
|
||||
<div class="nav__link-group">
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/about/">About</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/blog/">Blog</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://matrix.to/#/#gna:matrix.batsense.net">Chat</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/gitea-clinic/">Clinic</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://forum.gna.org">Forum</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://pouet.chapril.org/@gna">Mastodon</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<div class="nav__spacer"></div>
|
||||
<div class="nav__link-group--small">
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://hosteadashboard.gna.org/login/">Login</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container--action">
|
||||
<a class="nav__link" rel="noreferrer" href="https://hosteadashboard.gna.org/register/">Join</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
</header>
|
||||
<!-- See ../sass/main.scss. Required for pushing footer to the very
|
||||
bottom of the page -->
|
||||
<div class="main__content-container">
|
||||
<main>
|
||||
|
||||
|
||||
<div class="page__container">
|
||||
<h1 class="page__group-title">[security] Gitea < 1.17.3 git option injection explained</h1>
|
||||
<p class="blog__post-meta">
|
||||
|
||||
|
||||
|
||||
<a href="https://dachary.org" class="post__author">Loïc Dachary</a>
|
||||
|
||||
|
||||
|
||||
|
||||
· 17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
|
||||
<div class="blog__content">
|
||||
<p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [<options>] <commit-id>... [-- <path>...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
|
||||
</div>
|
||||
<br>
|
||||
<br>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
</main>
|
||||
<footer>
|
||||
<div class="footer__container">
|
||||
<!-- <div class="footer__column"> --->
|
||||
<p class="footer__column license__conatiner">
|
||||
All text <a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="http://creativecommons.org/licenses/by-sa/4.0/"
|
||||
target="_blank"
|
||||
> CC-BY-SA </a
|
||||
>
|
||||
& code
|
||||
<a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
|
||||
target="_blank"
|
||||
> AGPL </a
|
||||
>
|
||||
|
|
||||
<a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="https://www.eff.org/issues/do-not-track/amp/"
|
||||
target="_blank"
|
||||
> No AMP </a
|
||||
>
|
||||
</p>
|
||||
<!-- </div> -->
|
||||
<div class="footer__column--center">
|
||||
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
|
||||
class="footer__icon"
|
||||
alt="Email icon"
|
||||
/>
|
||||
</a>
|
||||
</div>
|
||||
<div class="footer__column">
|
||||
<a href="/about" title="About">About</a>
|
||||
<a href="/coc" title="Code of Conduct">CoC</a>
|
||||
<span class="footer__column-divider--mobile-only">|</span>
|
||||
<a href="/legalese" title="Legalese">Legalese</a>
|
||||
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
|
||||
<span class="footer__column-divider--mobile-only">|</span>
|
||||
<a
|
||||
href="https://gitea.gna.org/Gna"
|
||||
rel="noreferrer"
|
||||
target="_blank"
|
||||
title="Status"
|
||||
>Source Code</a
|
||||
>
|
||||
<a href="/tos" title="Terms of Service">ToS</a>
|
||||
</div>
|
||||
</div>
|
||||
</footer>
|
||||
|
||||
</div>
|
||||
</body>
|
||||
</html>
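Review bot: The generated page closes `<head>` twice (the `</head>` after the `theme-color` meta and again just before `<body class="base">`), and the block before `<title>` repeats the `main.css`/`mobile.css` stylesheet links, the `referrer` meta and the `viewport` meta three times over; browsers tolerate this, but it is a layout-template defect that should be fixed in the Zola template rather than in this deploy output. The page metadata also looks like unfilled placeholders: `<meta name="description" content="." />`, an `og:description` of `.`, `og:url` pointing at `https://gna.org` instead of the post URL, and `og:site_name` set to the full page title. In the post body the example command `git log --graph refs/head/master` does not match the `refs%2Fheads%2Fmaster` argument quoted in the preceding paragraph, so `refs/heads/master` is presumably meant. The sentence `If, by accident or maliciously, the branch name with a dash, it would be mistaken…` is missing its verb (`starts with a dash`), and the footer RSS link image carries `alt="Email icon"` where the tag pages use `alt="RSS icon"`.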
|
|
@ -4,8 +4,31 @@
|
|||
<link href="https://gna.org/blog/atom.xml" rel="self" type="application/atom+xml"/>
|
||||
<link href="https://gna.org/blog/"/>
|
||||
<generator uri="https://www.getzola.org/">Zola</generator>
|
||||
<updated>2022-07-20T00:00:00+00:00</updated>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<id>https://gna.org/blog/atom.xml</id>
|
||||
<entry xml:lang="en">
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained</title>
|
||||
<published>2022-10-17T00:00:00+00:00</published>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
|
||||
<id>https://gna.org/blog/1-17-3-git-security/</id>
|
||||
<content type="html"><p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
</content>
|
||||
</entry>
|
||||
<entry xml:lang="en">
|
||||
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
|
||||
<published>2022-07-20T00:00:00+00:00</published>
|
||||
|
|
|
@ -213,6 +213,45 @@
|
|||
|
||||
<ul class="blog__list">
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[security] Gitea < 1.17.3 git option injection explained</h2>
|
||||
<p class="blog__post-meta">
|
||||
|
||||
|
||||
|
||||
<a href="https://dachary.org" class="post__author">Loïc Dachary</a>
|
||||
|
||||
|
||||
|
||||
|
||||
· 17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
|
||||
<p class="blog__post-description">. </p>
|
||||
</a>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>
|
||||
|
|
10
sitemap.xml
10
sitemap.xml
|
@ -9,6 +9,10 @@
|
|||
<url>
|
||||
<loc>https://gna.org/blog/</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://gna.org/blog/1-17-3-git-security/</loc>
|
||||
<lastmod>2022-10-17</lastmod>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://gna.org/blog/1-17-breaking-episode-1/</loc>
|
||||
<lastmod>2022-06-22</lastmod>
|
||||
|
@ -95,6 +99,12 @@
|
|||
<url>
|
||||
<loc>https://gna.org/tags/problem/</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://gna.org/tags/security/</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://gna.org/tags/solution/</loc>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://gna.org/tags/troubleshoot/</loc>
|
||||
</url>
|
||||
|
|
|
@ -4,8 +4,31 @@
|
|||
<link href="https://gna.org/tags/gitea/atom.xml" rel="self" type="application/atom+xml"/>
|
||||
<link href="https://gna.org"/>
|
||||
<generator uri="https://www.getzola.org/">Zola</generator>
|
||||
<updated>2022-07-20T00:00:00+00:00</updated>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<id>https://gna.org/tags/gitea/atom.xml</id>
|
||||
<entry xml:lang="en">
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained</title>
|
||||
<published>2022-10-17T00:00:00+00:00</published>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
|
||||
<id>https://gna.org/blog/1-17-3-git-security/</id>
|
||||
<content type="html"><p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
</content>
|
||||
</entry>
|
||||
<entry xml:lang="en">
|
||||
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
|
||||
<published>2022-07-20T00:00:00+00:00</published>
|
||||
|
|
|
@ -219,6 +219,36 @@
|
|||
</a></div>
|
||||
<ul class="blog__list">
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[security] Gitea < 1.17.3 git option injection explained</h2>
|
||||
<p class="blog__post-meta">
|
||||
17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
<p class="blog__post-description">. </p>
|
||||
</a>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>
|
||||
|
|
|
@ -4,8 +4,31 @@
|
|||
<link href="https://gna.org/tags/gna/atom.xml" rel="self" type="application/atom+xml"/>
|
||||
<link href="https://gna.org"/>
|
||||
<generator uri="https://www.getzola.org/">Zola</generator>
|
||||
<updated>2022-07-20T00:00:00+00:00</updated>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<id>https://gna.org/tags/gna/atom.xml</id>
|
||||
<entry xml:lang="en">
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained</title>
|
||||
<published>2022-10-17T00:00:00+00:00</published>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
|
||||
<id>https://gna.org/blog/1-17-3-git-security/</id>
|
||||
<content type="html"><p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
</content>
|
||||
</entry>
|
||||
<entry xml:lang="en">
|
||||
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
|
||||
<published>2022-07-20T00:00:00+00:00</published>
|
||||
|
|
|
@ -219,6 +219,36 @@
|
|||
</a></div>
|
||||
<ul class="blog__list">
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[security] Gitea < 1.17.3 git option injection explained</h2>
|
||||
<p class="blog__post-meta">
|
||||
17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
<p class="blog__post-description">. </p>
|
||||
</a>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>
|
||||
|
|
|
@ -297,7 +297,7 @@
|
|||
|
||||
|
||||
|
||||
<span class="tag__meta">10 entries</span>
|
||||
<span class="tag__meta">11 entries</span>
|
||||
</a>
|
||||
<a class="tag__rss-link" href="https://gna.org/tags/gitea/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
|
@ -315,7 +315,7 @@
|
|||
|
||||
|
||||
|
||||
<span class="tag__meta">10 entries</span>
|
||||
<span class="tag__meta">11 entries</span>
|
||||
</a>
|
||||
<a class="tag__rss-link" href="https://gna.org/tags/gna/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
|
@ -353,7 +353,7 @@
|
|||
|
||||
|
||||
|
||||
<span class="tag__meta">8 entries</span>
|
||||
<span class="tag__meta">9 entries</span>
|
||||
</a>
|
||||
<a class="tag__rss-link" href="https://gna.org/tags/problem/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
|
@ -365,6 +365,46 @@
|
|||
</li>
|
||||
</a>
|
||||
|
||||
<li class="tag__item">
|
||||
<a href="https://gna.org/tags/security/" class="tag__item-link">
|
||||
<h2 class="tag__item-title">#security</h2>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<span class="tag__meta">1 entry</span>
|
||||
</a>
|
||||
<a class="tag__rss-link" href="https://gna.org/tags/security/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
|
||||
class="tag__rss-icon"
|
||||
alt="RSS icon"
|
||||
/>
|
||||
</a>
|
||||
</li>
|
||||
</a>
|
||||
|
||||
<li class="tag__item">
|
||||
<a href="https://gna.org/tags/solution/" class="tag__item-link">
|
||||
<h2 class="tag__item-title">#solution</h2>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<span class="tag__meta">1 entry</span>
|
||||
</a>
|
||||
<a class="tag__rss-link" href="https://gna.org/tags/solution/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
|
||||
class="tag__rss-icon"
|
||||
alt="RSS icon"
|
||||
/>
|
||||
</a>
|
||||
</li>
|
||||
</a>
|
||||
|
||||
<li class="tag__item">
|
||||
<a href="https://gna.org/tags/troubleshoot/" class="tag__item-link">
|
||||
<h2 class="tag__item-title">#troubleshoot</h2>
|
||||
|
@ -407,7 +447,7 @@
|
|||
|
||||
|
||||
|
||||
<span class="tag__meta">3 entries</span>
|
||||
<span class="tag__meta">4 entries</span>
|
||||
</a>
|
||||
<a class="tag__rss-link" href="https://gna.org/tags/upgrade/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
|
|
|
@ -4,8 +4,31 @@
|
|||
<link href="https://gna.org/tags/problem/atom.xml" rel="self" type="application/atom+xml"/>
|
||||
<link href="https://gna.org"/>
|
||||
<generator uri="https://www.getzola.org/">Zola</generator>
|
||||
<updated>2022-07-20T00:00:00+00:00</updated>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<id>https://gna.org/tags/problem/atom.xml</id>
|
||||
<entry xml:lang="en">
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained</title>
|
||||
<published>2022-10-17T00:00:00+00:00</published>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
|
||||
<id>https://gna.org/blog/1-17-3-git-security/</id>
|
||||
<content type="html"><p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
</content>
|
||||
</entry>
|
||||
<entry xml:lang="en">
|
||||
<title>1.17 breaking changes episode 2: preserving a custom gitconfig</title>
|
||||
<published>2022-07-20T00:00:00+00:00</published>
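Review bot: The rendered article body in this feed entry shows the example command as `git log --graph refs/head/master` while the linked graph URL passes `refs%2Fheads%2Fmaster`; the ref namespace is `refs/heads/`, so the `<pre>` line should read `git log --graph refs/heads/master`. The sentence `If, by accident or maliciously, the branch name with a dash, it would be mistaken ...` is missing its verb and reads better as `If, by accident or maliciously, the branch name starts with a dash, it would be mistaken ...`. The same article HTML is repeated in the new security and solution feeds and in the upgrade feed further down, so the fix belongs in the post source rather than in the generated feeds.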
|
||||
|
|
|
@ -219,6 +219,36 @@
|
|||
</a></div>
|
||||
<ul class="blog__list">
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[security] Gitea < 1.17.3 git option injection explained</h2>
|
||||
<p class="blog__post-meta">
|
||||
17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
<p class="blog__post-description">. </p>
|
||||
</a>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-breaking-episode-2/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">1.17 breaking changes episode 2: preserving a custom gitconfig</h2>
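Review bot: The new post entry renders its description as a lone period (`<p class="blog__post-description">. </p>`), which indicates the post's front-matter description is still the placeholder `.`; the same placeholder appears in the #security and #solution tag pages added in this deploy. A one-sentence summary of the post (for example: `Why a branch name starting with a dash could reach git as an option, and what Gitea 1.17.3 changes`) would give listings and feed readers something meaningful. The post meta also emits the month name and the comma on separate lines, so the rendered text reads `17 October , 2022` with a space before the comma; joining them in the template removes it.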
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
|
||||
<title> - security</title>
|
||||
<link href="https://gna.org/tags/security/atom.xml" rel="self" type="application/atom+xml"/>
|
||||
<link href="https://gna.org"/>
|
||||
<generator uri="https://www.getzola.org/">Zola</generator>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<id>https://gna.org/tags/security/atom.xml</id>
|
||||
<entry xml:lang="en">
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained</title>
|
||||
<published>2022-10-17T00:00:00+00:00</published>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
|
||||
<id>https://gna.org/blog/1-17-3-git-security/</id>
|
||||
<content type="html"><p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
</content>
|
||||
</entry>
|
||||
</feed>
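Review bot: The feed title of this new file is ` - security`, an empty site name followed by the tag, which suggests the site-title variable is not set for per-tag feeds; the #solution feed added in the same deploy has the same ` - solution` title. The per-tag HTML page in this deploy titles itself `security | Gna!: Managed Gitea Hosting`, so the feed could carry the same name, e.g. `<title>Gna!: Managed Gitea Hosting - security</title>`.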
|
|
@ -0,0 +1,318 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width" />
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
|
||||
<link rel="manifest" href="/site.webmanifest" />
|
||||
<link rel="me" href="https://pouet.chapril.org/@gna" />
|
||||
<link rel="stylesheet" href="https://gna.org/main.css" />
|
||||
<link
|
||||
rel="stylesheet"
|
||||
media="screen and (max-width: 1300px)"
|
||||
href="https://gna.org/mobile.css"
|
||||
/>
|
||||
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="https://gna.org/main.css" />
|
||||
<link
|
||||
rel="stylesheet"
|
||||
media="screen and (max-width: 1300px)"
|
||||
href="https://gna.org/mobile.css"
|
||||
/>
|
||||
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
<title>security | Gna!: Managed Gitea Hosting </title>
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
<meta name="description" content="security" />
|
||||
|
||||
|
||||
<meta property="og:title" content="security | Gna!: Managed Gitea Hosting " />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://gna.org" />
|
||||
|
||||
<meta property="og:description" content="security" />
|
||||
<meta
|
||||
property="og:site_name"
|
||||
content="security | Gna!: Managed Gitea Hosting "
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="57x57"
|
||||
href="https://gna.org/apple-icon-57x57.png?h=c21de14cfdf862a6472ae977557fa048a7c36d39337e61d3274705e9bd8e857f"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="60x60"
|
||||
href="https://gna.org/apple-icon-60x60.png?h=67089d9025a52d0d1ddce450078c7acefe2c150a2427dec9f5e13c6314f74281"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="72x72"
|
||||
href="https://gna.org/apple-icon-72x72.png?h=70725943de8884804f9da28202ced0ad6fed483ae9cf8f6d874aa133e30cb693"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="76x76"
|
||||
href="https://gna.org/apple-icon-76x76.png?h=1e6e8072df3b21bdcea254a42aac6e993611e845f91ddd79f6f35a6c441710a5"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="114x114"
|
||||
href="https://gna.org/apple-icon-114x114.png?h=c20099f8190ed3962fab5726c5594857a871cdb3ee98439343c622cd3727fed6"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="120x120"
|
||||
href="https://gna.org/apple-icon-120x120.png?h=4df78e402e60b58c6d44764678bdd737b5b6a836aeb85fb75fa49f706f7e8c81"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="144x144"
|
||||
href="https://gna.org/apple-icon-144x144.png?h=0c44e6655d714f89ee95cc151032d1f0dc3204bd24d1ca2ee9d94692d4ede84d"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="152x152"
|
||||
href="https://gna.org/apple-icon-152x152.png?h=157918f883ff95d4eeb6452d0ebb61ca5e21ea0dcac1aefe825f3e2f3999052f"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="180x180"
|
||||
href="https://gna.org/apple-icon-180x180.png?h=7d5c16d379b7db6d8ea5aae64921d7162b84f543763acd8fc7c107f80a600213"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="192x192"
|
||||
href="https://gna.org/android-icon-192x192.png?h=095e3835b082dba07f606c33fa6f71bcd671a71e987b0ab2e46dcddceef52b9c"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="32x32"
|
||||
href="https://gna.org/favicon-32x32.png?h=1bf54bf111572b1d1639192b5360ee4345f702e563aa71bb66610a95a7290437"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="96x96"
|
||||
href="https://gna.org/favicon-96x96.png?h=5a6ed96c09f5055526e3b236867a1272a26f7ba957d48b267bccd51ef0845fbe"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="16x16"
|
||||
href="https://gna.org/favicon-16x16.png?h=1e5fa59ae78516055f662e40bb2599dc3828a7adb34567e9d8d2cfcaa6b7aa5f"
|
||||
/>
|
||||
<link
|
||||
rel="manifest"
|
||||
href="https://gna.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
|
||||
/>
|
||||
<meta name="msapplication-TileColor" content="#ffffff" />
|
||||
<meta
|
||||
name="msapplication-TileImage"
|
||||
content="https://gna.org/ms-icon-144x144.png?h=8170ab51b871b84b8f98bd03cf441afdffb2998b7dfffb04abb7ebf5deeb1f94"
|
||||
/>
|
||||
<meta name="theme-color" content="#ffffff" />
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
|
||||
|
||||
|
||||
</head>
|
||||
<body class="base">
|
||||
<header>
|
||||
<nav class="nav__container">
|
||||
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
|
||||
|
||||
<div class="nav__header">
|
||||
<a class="nav__logo-container" href="/">
|
||||
|
||||
<img src="https://gna.org/gna-logo-rectangle-48px.png?h=ba9eab043277265f94c51b87d5e14f9ca35789403ecb8afc9bd1e33b13c6a2a5" alt="Gna!"/>
|
||||
</a>
|
||||
<label class="nav__hamburger-menu" for="nav__toggle">
|
||||
<span class="nav__hamburger-inner"></span>
|
||||
</label>
|
||||
</div>
|
||||
<div class="nav__spacer--small"></div>
|
||||
<div class="nav__link-group">
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/about/">About</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/blog/">Blog</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://matrix.to/#/#gna:matrix.batsense.net">Chat</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/gitea-clinic/">Clinic</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://forum.gna.org">Forum</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://pouet.chapril.org/@gna">Mastodon</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<div class="nav__spacer"></div>
|
||||
<div class="nav__link-group--small">
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://hosteadashboard.gna.org/login/">Login</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container--action">
|
||||
<a class="nav__link" rel="noreferrer" href="https://hosteadashboard.gna.org/register/">Join</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
</header>
|
||||
<!-- See ../sass/main.scss. Required for pushing footer to the very
|
||||
bottom of the page -->
|
||||
<div class="main__content-container">
|
||||
<main>
|
||||
|
||||
|
||||
<div class="blog__container">
|
||||
|
||||
<div class="tag__title-container">
|
||||
<h1 class="tag__title">#security</h1>
|
||||
<a class="tag__rss-link--single" href="https://gna.org/tags/security/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
|
||||
class="tag__rss-icon--single"
|
||||
alt="RSS icon"
|
||||
/>
|
||||
</a></div>
|
||||
<ul class="blog__list">
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[security] Gitea < 1.17.3 git option injection explained</h2>
|
||||
<p class="blog__post-meta">
|
||||
17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
<p class="blog__post-description">. </p>
|
||||
</a>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://gna.org/rss.xml">
|
||||
|
||||
|
||||
</main>
|
||||
<footer>
|
||||
<div class="footer__container">
|
||||
<!-- <div class="footer__column"> --->
|
||||
<p class="footer__column license__conatiner">
|
||||
All text <a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="http://creativecommons.org/licenses/by-sa/4.0/"
|
||||
target="_blank"
|
||||
> CC-BY-SA </a
|
||||
>
|
||||
& code
|
||||
<a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
|
||||
target="_blank"
|
||||
> AGPL </a
|
||||
>
|
||||
|
|
||||
<a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="https://www.eff.org/issues/do-not-track/amp/"
|
||||
target="_blank"
|
||||
> No AMP </a
|
||||
>
|
||||
</p>
|
||||
<!-- </div> -->
|
||||
<div class="footer__column--center">
|
||||
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
|
||||
class="footer__icon"
|
||||
alt="Email icon"
|
||||
/>
|
||||
</a>
|
||||
</div>
|
||||
<div class="footer__column">
|
||||
<a href="/about" title="About">About</a>
|
||||
<a href="/coc" title="Code of Conduct">CoC</a>
|
||||
<span class="footer__column-divider--mobile-only">|</span>
|
||||
<a href="/legalese" title="Legalese">Legalese</a>
|
||||
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
|
||||
<span class="footer__column-divider--mobile-only">|</span>
|
||||
<a
|
||||
href="https://gitea.gna.org/Gna"
|
||||
rel="noreferrer"
|
||||
target="_blank"
|
||||
title="Status"
|
||||
>Source Code</a
|
||||
>
|
||||
<a href="/tos" title="Terms of Service">ToS</a>
|
||||
</div>
|
||||
</div>
|
||||
</footer>
|
||||
|
||||
</div>
|
||||
</body>
|
||||
</html>
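Review bot: The generated `<head>` of this new tag page is closed twice (a `</head>` a few lines before the `</head>` that precedes `<body class="base">`), and before that it repeats `<meta name="viewport">` four times, `<meta name="referrer">` three times and the `main.css`/`mobile.css` stylesheet links twice, which are redundant fetches and a sign the head partial is included more than once in the template; the #solution page added in the same deploy has the identical structure. The `<link rel="alternate" type="application/rss+xml" ...>` sits inside `<main>` rather than in `<head>`, where feed discovery expects it. The footer feed icon carries `alt="Email icon"` for an RSS link and the "Source Code" link carries `title="Status"`; `alt="RSS icon"` and dropping the misleading title would match the targets. The CC-BY-SA licence link uses plain `http://creativecommons.org/...` while every other external link on the page is https. All of these originate in the site templates rather than in this rendered output, so the fix belongs upstream of the deploy.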
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
|
||||
<title> - solution</title>
|
||||
<link href="https://gna.org/tags/solution/atom.xml" rel="self" type="application/atom+xml"/>
|
||||
<link href="https://gna.org"/>
|
||||
<generator uri="https://www.getzola.org/">Zola</generator>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<id>https://gna.org/tags/solution/atom.xml</id>
|
||||
<entry xml:lang="en">
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained</title>
|
||||
<published>2022-10-17T00:00:00+00:00</published>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
|
||||
<id>https://gna.org/blog/1-17-3-git-security/</id>
|
||||
<content type="html"><p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
</content>
|
||||
</entry>
|
||||
</feed>
|
|
@ -0,0 +1,318 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width" />
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
|
||||
<link rel="manifest" href="/site.webmanifest" />
|
||||
<link rel="me" href="https://pouet.chapril.org/@gna" />
|
||||
<link rel="stylesheet" href="https://gna.org/main.css" />
|
||||
<link
|
||||
rel="stylesheet"
|
||||
media="screen and (max-width: 1300px)"
|
||||
href="https://gna.org/mobile.css"
|
||||
/>
|
||||
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="https://gna.org/main.css" />
|
||||
<link
|
||||
rel="stylesheet"
|
||||
media="screen and (max-width: 1300px)"
|
||||
href="https://gna.org/mobile.css"
|
||||
/>
|
||||
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
<title>solution | Gna!: Managed Gitea Hosting </title>
|
||||
<meta name="referrer" content="no-referrer-when-downgrade" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
|
||||
<meta name="description" content="solution" />
|
||||
|
||||
|
||||
<meta property="og:title" content="solution | Gna!: Managed Gitea Hosting " />
|
||||
<meta property="og:type" content="article" />
|
||||
<meta property="og:url" content="https://gna.org" />
|
||||
|
||||
<meta property="og:description" content="solution" />
|
||||
<meta
|
||||
property="og:site_name"
|
||||
content="solution | Gna!: Managed Gitea Hosting "
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="57x57"
|
||||
href="https://gna.org/apple-icon-57x57.png?h=c21de14cfdf862a6472ae977557fa048a7c36d39337e61d3274705e9bd8e857f"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="60x60"
|
||||
href="https://gna.org/apple-icon-60x60.png?h=67089d9025a52d0d1ddce450078c7acefe2c150a2427dec9f5e13c6314f74281"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="72x72"
|
||||
href="https://gna.org/apple-icon-72x72.png?h=70725943de8884804f9da28202ced0ad6fed483ae9cf8f6d874aa133e30cb693"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="76x76"
|
||||
href="https://gna.org/apple-icon-76x76.png?h=1e6e8072df3b21bdcea254a42aac6e993611e845f91ddd79f6f35a6c441710a5"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="114x114"
|
||||
href="https://gna.org/apple-icon-114x114.png?h=c20099f8190ed3962fab5726c5594857a871cdb3ee98439343c622cd3727fed6"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="120x120"
|
||||
href="https://gna.org/apple-icon-120x120.png?h=4df78e402e60b58c6d44764678bdd737b5b6a836aeb85fb75fa49f706f7e8c81"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="144x144"
|
||||
href="https://gna.org/apple-icon-144x144.png?h=0c44e6655d714f89ee95cc151032d1f0dc3204bd24d1ca2ee9d94692d4ede84d"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="152x152"
|
||||
href="https://gna.org/apple-icon-152x152.png?h=157918f883ff95d4eeb6452d0ebb61ca5e21ea0dcac1aefe825f3e2f3999052f"
|
||||
/>
|
||||
<link
|
||||
rel="apple-touch-icon"
|
||||
sizes="180x180"
|
||||
href="https://gna.org/apple-icon-180x180.png?h=7d5c16d379b7db6d8ea5aae64921d7162b84f543763acd8fc7c107f80a600213"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="192x192"
|
||||
href="https://gna.org/android-icon-192x192.png?h=095e3835b082dba07f606c33fa6f71bcd671a71e987b0ab2e46dcddceef52b9c"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="32x32"
|
||||
href="https://gna.org/favicon-32x32.png?h=1bf54bf111572b1d1639192b5360ee4345f702e563aa71bb66610a95a7290437"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="96x96"
|
||||
href="https://gna.org/favicon-96x96.png?h=5a6ed96c09f5055526e3b236867a1272a26f7ba957d48b267bccd51ef0845fbe"
|
||||
/>
|
||||
<link
|
||||
rel="icon"
|
||||
type="image/png"
|
||||
sizes="16x16"
|
||||
href="https://gna.org/favicon-16x16.png?h=1e5fa59ae78516055f662e40bb2599dc3828a7adb34567e9d8d2cfcaa6b7aa5f"
|
||||
/>
|
||||
<link
|
||||
rel="manifest"
|
||||
href="https://gna.org/manifest.json?h=27eca3e8297eb7ff340deb3849b210185a459b3845456aa4d0036f6d966b3518"
|
||||
/>
|
||||
<meta name="msapplication-TileColor" content="#ffffff" />
|
||||
<meta
|
||||
name="msapplication-TileImage"
|
||||
content="https://gna.org/ms-icon-144x144.png?h=8170ab51b871b84b8f98bd03cf441afdffb2998b7dfffb04abb7ebf5deeb1f94"
|
||||
/>
|
||||
<meta name="theme-color" content="#ffffff" />
|
||||
|
||||
|
||||
</head>
|
||||
|
||||
|
||||
|
||||
|
||||
</head>
|
||||
<body class="base">
|
||||
<header>
|
||||
<nav class="nav__container">
|
||||
<input type="checkbox" class="nav__toggle" id="nav__toggle" />
|
||||
|
||||
<div class="nav__header">
|
||||
<a class="nav__logo-container" href="/">
|
||||
|
||||
<img src="https://gna.org/gna-logo-rectangle-48px.png?h=ba9eab043277265f94c51b87d5e14f9ca35789403ecb8afc9bd1e33b13c6a2a5" alt="Gna!"/>
|
||||
</a>
|
||||
<label class="nav__hamburger-menu" for="nav__toggle">
|
||||
<span class="nav__hamburger-inner"></span>
|
||||
</label>
|
||||
</div>
|
||||
<div class="nav__spacer--small"></div>
|
||||
<div class="nav__link-group">
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/about/">About</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/blog/">Blog</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://matrix.to/#/#gna:matrix.batsense.net">Chat</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="/gitea-clinic/">Clinic</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://forum.gna.org">Forum</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://pouet.chapril.org/@gna">Mastodon</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<div class="nav__spacer"></div>
|
||||
<div class="nav__link-group--small">
|
||||
|
||||
<div class="nav__link-container">
|
||||
<a class="nav__link" rel="noreferrer" href="https://hosteadashboard.gna.org/login/">Login</a>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="nav__link-container--action">
|
||||
<a class="nav__link" rel="noreferrer" href="https://hosteadashboard.gna.org/register/">Join</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
</header>
|
||||
<!-- See ../sass/main.scss. Required for pushing footer to the very
|
||||
bottom of the page -->
|
||||
<div class="main__content-container">
|
||||
<main>
|
||||
|
||||
|
||||
<div class="blog__container">
|
||||
|
||||
<div class="tag__title-container">
|
||||
<h1 class="tag__title">#solution</h1>
|
||||
<a class="tag__rss-link--single" href="https://gna.org/tags/solution/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
|
||||
class="tag__rss-icon--single"
|
||||
alt="RSS icon"
|
||||
/>
|
||||
</a></div>
|
||||
<ul class="blog__list">
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[security] Gitea < 1.17.3 git option injection explained</h2>
|
||||
<p class="blog__post-meta">
|
||||
17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
<p class="blog__post-description">. </p>
|
||||
</a>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<link rel="alternate" type="application/rss+xml" title="RSS" href="https://gna.org/rss.xml">
|
||||
|
||||
|
||||
</main>
|
||||
<footer>
|
||||
<div class="footer__container">
|
||||
<!-- <div class="footer__column"> --->
|
||||
<p class="footer__column license__conatiner">
|
||||
All text <a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="http://creativecommons.org/licenses/by-sa/4.0/"
|
||||
target="_blank"
|
||||
> CC-BY-SA </a
|
||||
>
|
||||
& code
|
||||
<a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="https://www.gnu.org/licenses/agpl-3.0.en.html"
|
||||
target="_blank"
|
||||
> AGPL </a
|
||||
>
|
||||
|
|
||||
<a
|
||||
class="license__link"
|
||||
rel="noreferrer"
|
||||
href="https://www.eff.org/issues/do-not-track/amp/"
|
||||
target="_blank"
|
||||
> No AMP </a
|
||||
>
|
||||
</p>
|
||||
<!-- </div> -->
|
||||
<div class="footer__column--center">
|
||||
<a href="/blog/atom.xml" target="_blank" rel="noopener" title="RSS">
|
||||
<img
|
||||
src="https://gna.org/icons/rss.svg?h=f6cd584bdbcd2eb4d1b8b84c9cf083ef45f772167c33fdcee754b35ae8ff4c7d"
|
||||
class="footer__icon"
|
||||
alt="Email icon"
|
||||
/>
|
||||
</a>
|
||||
</div>
|
||||
<div class="footer__column">
|
||||
<a href="/about" title="About">About</a>
|
||||
<a href="/coc" title="Code of Conduct">CoC</a>
|
||||
<span class="footer__column-divider--mobile-only">|</span>
|
||||
<a href="/legalese" title="Legalese">Legalese</a>
|
||||
<a href="/privacy-policy" title="Privacy Policy">Privacy</a>
|
||||
<span class="footer__column-divider--mobile-only">|</span>
|
||||
<a
|
||||
href="https://gitea.gna.org/Gna"
|
||||
rel="noreferrer"
|
||||
target="_blank"
|
||||
title="Status"
|
||||
>Source Code</a
|
||||
>
|
||||
<a href="/tos" title="Terms of Service">ToS</a>
|
||||
</div>
|
||||
</div>
|
||||
</footer>
|
||||
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
|
@ -4,8 +4,31 @@
|
|||
<link href="https://gna.org/tags/upgrade/atom.xml" rel="self" type="application/atom+xml"/>
|
||||
<link href="https://gna.org"/>
|
||||
<generator uri="https://www.getzola.org/">Zola</generator>
|
||||
<updated>2022-05-28T00:00:00+00:00</updated>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<id>https://gna.org/tags/upgrade/atom.xml</id>
|
||||
<entry xml:lang="en">
|
||||
<title>[security] Gitea < 1.17.3 git option injection explained</title>
|
||||
<published>2022-10-17T00:00:00+00:00</published>
|
||||
<updated>2022-10-17T00:00:00+00:00</updated>
|
||||
<link href="https://gna.org/blog/1-17-3-git-security/" type="text/html"/>
|
||||
<id>https://gna.org/blog/1-17-3-git-security/</id>
|
||||
<content type="html"><p><a href="https://pouet.chapril.org/@gna/109176306611564720">Gitea 1.17.3</a> includes a <a href="https://lab.forgefriends.org/forgefriends/forgefriends/-/commit/d98c5db58fdeded983bf5c0fe781fd7b77a1235f">security patch</a> that prevents the injection of arguments to the git command run by Gitea.</p>
|
||||
<p>When displaying the commit graph <a href="https://gitea.gna.org/Gna/organization/graph?branch=refs%2Fheads%2Fmaster">for the master branch</a>, the URL contains the argument <strong>refs%2Fheads%2Fmaster</strong> that is passed to the <code>git</code> command with something like:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph refs/head/master
|
||||
</span></code></pre>
|
||||
<p>If, by accident or maliciously, the branch name with a dash, it would be mistaken to be a <code>git</code> argument instead of a branch name. For instance <strong>-h</strong> could be passed to the <code>git</code> command as:</p>
|
||||
<pre data-lang="shell" style="background-color:#2b303b;color:#c0c5ce;" class="language-shell "><code class="language-shell" data-lang="shell"><span>git log --graph -h
|
||||
</span></code></pre>
|
||||
<p>In reality the <code>rev-list</code> command is called before <code>log</code> and in Gitea 1.17.2 the debug output will show something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:17:17 ...s/web/repo/commit.go:124:Graph() [W] [634d017d] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: exit status 129 - usage: git rev-list [&lt;options&gt;] &lt;commit-id&gt;... [-- &lt;path&gt;...]
|
||||
</span><span>...
|
||||
</span></code></pre>
|
||||
<p>In Gitea 1.17.3 when the same command is run, the option is discarded and the debug output shows something like:</p>
|
||||
<pre style="background-color:#2b303b;color:#c0c5ce;"><code><span>2022/10/17 07:25:05 ...dules/git/command.go:166:Run() [E] [634d0351] git command is broken: /usr/bin/git -c protocol.version=2 -c uploadpack.allowfilter=true -c uploadpack.allowAnySHA1InWant=true -c credential.helper= rev-list --count, broken args: -h
|
||||
</span><span>2022/10/17 07:25:05 ...s/web/repo/commit.go:124:Graph() [W] [634d0351] GetCommitGraphsCount error for generate graph exclude prs: false branches: [-h] in 1:root/test, Will Ignore branches and try again. Underlying Error: git command is broken
|
||||
</span></code></pre>
|
||||
</content>
|
||||
</entry>
|
||||
<entry xml:lang="en">
|
||||
<title>[solved] Gitea 1.15 and up: path not found or permission denied</title>
|
||||
<published>2022-05-28T00:00:00+00:00</published>
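Review bot: The example command on the `git log --graph refs/head/master` line uses `refs/head/master`, while the URL quoted two lines above passes `refs%2Fheads%2Fmaster`; the ref namespace is `refs/heads/`, so the shell line should read `git log --graph refs/heads/master`. The 1.17.3 paragraph says the option "is discarded", but the log it quotes reports `git command is broken: ... broken args: -h` and Graph() takes the same "Will Ignore branches and try again" path as on 1.17.2, i.e. the command is refused before it is executed rather than run with the option dropped — suggest `the command is refused and never executed`. The post only shows `-h` producing a usage error and never says why option injection is a security issue rather than a nuisance; presumably some options accepted by `rev-list`/`log` have effects beyond printed output, and one hedged sentence saying so would help operators judge urgency. The sentence `If, by accident or maliciously, the branch name with a dash` is missing its verb (`starts with a dash`).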
|
||||
|
|
|
@ -219,6 +219,36 @@
|
|||
</a></div>
|
||||
<ul class="blog__list">
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/1-17-3-git-security/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[security] Gitea < 1.17.3 git option injection explained</h2>
|
||||
<p class="blog__post-meta">
|
||||
17
|
||||
October
|
||||
|
||||
,
|
||||
2022 · <b>2 min read</b>
|
||||
</p>
|
||||
|
||||
<p class="blog__post-description">. </p>
|
||||
</a>
|
||||
<div class="blog__post-tag-container">
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gna">#gna</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/gitea">#gitea</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/security">#security</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/problem">#problem</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/upgrade">#upgrade</a>
|
||||
|
||||
<a class="blog__post-tag" href="/tags/solution">#solution</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
<li class="blog__post-item">
|
||||
<a href="https://gna.org/blog/path-not-found/" class="blog__post-link">
|
||||
<h2 class="blog__post-title">[solved] Gitea 1.15 and up: path not found or permission denied</h2>
|
||||
|
|