patches: update patches
1 Subject: [PATCH] gitweb: avoid stale variable contents
3 When gitweb is running in an optimized CGI processing mode
4 (mod_perl, FCGI, PSGI, etc.), multiple requests are served
5 by the same invocation of gitweb.cgi.
7 It is crucial for proper operation that remnants from the
8 previous request are not allowed to taint subsequent requests.
10 In particular, there are a number of "our" variables that
11 need to be explicitly cleared in order to prevent this from
12 happening and possibly corrupting subsequent requests.
14 The snapshot action is particularly susceptible to corruption
15 without these precautions.
17 Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
18 ---
19 gitweb/gitweb.perl | 33 ++++++++++++++++++++++++++++++++-
20 1 file changed, 32 insertions(+), 1 deletion(-)
22 diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
23 index b61e9408..a8dbb2dd 100755
24 --- a/gitweb/gitweb.perl
25 +++ b/gitweb/gitweb.perl
26 @@ -1340,6 +1340,23 @@ sub evaluate_argv {
30 +# Any "our" variable that could possibly influence correct handling of
31 +# a CGI request MUST be reset in this subroutine
32 +sub _reset_globals {
33 + # Note that $t0 and $number_of_git_commands are handled by reset_timer
34 + our %input_params = ();
35 + our ($action, $project, $file_name, $file_parent, $hash, $hash_parent, $hash_base,
36 + $hash_parent_base, @extra_options, $page, $searchtype, $search_use_regexp,
37 + $searchtext, $search_regexp, $project_filter) = ();
38 + our $git_dir = undef;
39 + our (@snapshot_fmts, $git_avatar, @extra_branch_refs) = ();
40 + our %avatar_cache = ();
41 + our $config_file = '';
42 + our %config = ();
43 + our $gitweb_project_owner = undef;
44 + keys %known_snapshot_formats; # reset 'each' iterator
47 sub run {
48 evaluate_argv();
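Review bot: The reset list in `_reset_globals` is maintained by hand, and nothing in the hunk catches a request-scoped `our` variable that is added later and left out, in which case one visitor's parameters would carry over into the next request under mod_perl, FCGI or PSGI. The header comment should spell out the maintenance rule, for example `# When adding an "our" variable that is set while handling a request, add it to this list as well; anything missed survives into the next request.` The two list assignments that mix arrays and scalars (`@extra_options` in the middle of the first, `@snapshot_fmts` at the front of the second) only work because the right-hand side is `()`, which deserves a short comment such as `# empty list on purpose: every scalar becomes undef, every array empty`. The closing lines of the sub fall on lines this rendering leaves out, and `sub run` continues past the end of the hunk.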
50 @@ -1351,9 +1368,23 @@ sub run {
51 while ($cgi = $CGI->new()) {
52 $pre_dispatch_hook->()
53 if $pre_dispatch_hook;
54 + {
55 + # most globals can simply be reset
56 + _reset_globals;
58 - eval {run_request()};
59 + # evaluate_path_info corrupts %known_snapshot_formats
60 + # so we need a deepish copy of it -- note that
61 + # _reset_globals already took care of resetting its
62 + # hash iterator that evaluate_path_info also leaves
63 + # in an indeterminate state
64 + my %formats = ();
65 + while (my ($k,$v) = each(%known_snapshot_formats)) {
66 + $formats{$k} = {%{$known_snapshot_formats{$k}}};
67 + }
68 + local *known_snapshot_formats = \%formats;
70 + eval {run_request()};
71 + }
72 $post_dispatch_hook->()
73 if $post_dispatch_hook;
74 $first_request = 0;
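Review bot: The per-request copy of `%known_snapshot_formats` is one level deep, so `{%{$known_snapshot_formats{$k}}}` gives each format a fresh hash but leaves any array or hash reference stored inside it shared with the original; if a request path modifies such a nested value, the change would still persist into later requests. Either say so in the comment (`# copies each format's hash only; nested references stay shared`) or make a full copy, and the loop can use the value it already fetched: `$formats{$k} = { %$v };`. Separately, `$pre_dispatch_hook->()` still runs before `_reset_globals`, so a hook that reads `$project`, `$action` and the like sees the previous request's values; calling `_reset_globals();` ahead of the hook would close that gap, assuming no hook relies on setting those variables itself. The `while` loop and the rest of `run` continue outside the hunk.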
75 ---