Fossil SCM

Block an infinite loop in Th_ReportTaint() that can occur when the vuln-report setting is "fatal" and the error happens again while generating the fatal error page.

drh 2025-04-24 19:42 trunk
Commit 76f1ddb6c2cf03af0791eb42fde43338e07e696bdeda02207022e66afc497c0f
Parent 9d7b31552af7f87…
1 file changed +4 -3
~ src/th_main.c
M src/th_main.c
+4 -3
--- src/th_main.c
+++ src/th_main.c
@@ -3084,14 +3084,14 @@
30843084
 Th_Interp *interp, /* Report error here, if an error is reported */
30853085
 const char *zWhere, /* Where the tainted string appears */
30863086
 const char *zStr, /* The tainted string */
30873087
 int nStr /* Length of the tainted string */
30883088
 ){
3089
- char *zDisp; /* Dispensation */
3090
- const char *zVulnType; /* Type of vulnerability */
3089
+ static const char *zDisp = 0; /* Dispensation; what to do with the error */
3090
+ const char *zVulnType; /* Type of vulnerability */
30913091
3092
- zDisp = db_get("vuln-report","log");
3092
+ if( zDisp==0 ) zDisp = db_get("vuln-report","log");
30933093
 if( is_false(zDisp) ) return 0;
30943094
 if( strstr(zWhere,"SQL")!=0 ){
30953095
 zVulnType = "SQL-injection";
30963096
 }else{
30973097
 zVulnType = "XSS";
@@ -3106,10 +3106,11 @@
31063106
 char *z = mprintf("tainted %s: \"", zWhere);
31073107
 Th_ErrorMessage(interp, z, zStr, nStr);
31083108
 fossil_free(z);
31093109
 }else{
31103110
 char *z = mprintf("%#h", nStr, zStr);
3111
+ zDisp = "off";
31113112
 cgi_reset_content();
31123113
 style_submenu_enable(0);
31133114
 style_set_current_feature("error");
31143115
 style_header("Configuration Error");
31153116
 @ <p>Error in a TH1 configuration script:
31163117
--- src/th_main.c
+++ src/th_main.c
@@ -3084,14 +3084,14 @@
3084 Th_Interp *interp, /* Report error here, if an error is reported */
3085 const char *zWhere, /* Where the tainted string appears */
3086 const char *zStr, /* The tainted string */
3087 int nStr /* Length of the tainted string */
3088 ){
3089 char *zDisp; /* Dispensation */
3090 const char *zVulnType; /* Type of vulnerability */
3091
3092 zDisp = db_get("vuln-report","log");
3093 if( is_false(zDisp) ) return 0;
3094 if( strstr(zWhere,"SQL")!=0 ){
3095 zVulnType = "SQL-injection";
3096 }else{
3097 zVulnType = "XSS";
@@ -3106,10 +3106,11 @@
3106 char *z = mprintf("tainted %s: \"", zWhere);
3107 Th_ErrorMessage(interp, z, zStr, nStr);
3108 fossil_free(z);
3109 }else{
3110 char *z = mprintf("%#h", nStr, zStr);
 
3111 cgi_reset_content();
3112 style_submenu_enable(0);
3113 style_set_current_feature("error");
3114 style_header("Configuration Error");
3115 @ <p>Error in a TH1 configuration script:
3116
--- src/th_main.c
+++ src/th_main.c
@@ -3084,14 +3084,14 @@
3084 Th_Interp *interp, /* Report error here, if an error is reported */
3085 const char *zWhere, /* Where the tainted string appears */
3086 const char *zStr, /* The tainted string */
3087 int nStr /* Length of the tainted string */
3088 ){
3089 static const char *zDisp = 0; /* Dispensation; what to do with the error */
3090 const char *zVulnType; /* Type of vulnerability */
3091
3092 if( zDisp==0 ) zDisp = db_get("vuln-report","log");
3093 if( is_false(zDisp) ) return 0;
3094 if( strstr(zWhere,"SQL")!=0 ){
3095 zVulnType = "SQL-injection";
3096 }else{
3097 zVulnType = "XSS";
@@ -3106,10 +3106,11 @@
3106 char *z = mprintf("tainted %s: \"", zWhere);
3107 Th_ErrorMessage(interp, z, zStr, nStr);
3108 fossil_free(z);
3109 }else{
3110 char *z = mprintf("%#h", nStr, zStr);
3111 zDisp = "off";
3112 cgi_reset_content();
3113 style_submenu_enable(0);
3114 style_set_current_feature("error");
3115 style_header("Configuration Error");
3116 @ <p>Error in a TH1 configuration script:
3117

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button