Fossil SCM

Do not allow webpage names to be used as command-line commands. This prevents deferencing of the null "g.db" pointer for command-line commands.

drh 2014-07-16 04:02 trunk

Commit c2a9c1f7f859925af64589dfa3824d529b3889ac

Parent 313de568dcd03c7…

1 file changed +3 -1

M src/main.c

+3 -1

		--- src/main.c
		+++ src/main.c
		@@ -655,11 +655,13 @@
655	655	}
656	656	#ifndef _WIN32
657	657	if( !is_valid_fd(2) ) fossil_panic("file descriptor 2 not open");
658	658	/* if( is_valid_fd(3) ) fossil_warning("file descriptor 3 is open"); */
659	659	#endif
660		- rc = name_search(zCmdName, aCommand, count(aCommand), &idx);
	660	+ rc = name_search(zCmdName, aCommand + count(aWebpage),
	661	+ count(aCommand) - count(aWebpage), &idx);
	662	+ idx += count(aWebpage);
661	663	if( rc==1 ){
662	664	#ifdef FOSSIL_ENABLE_TH1_HOOKS
663	665	if( !g.isHTTP && !g.fNoThHook ){
664	666	rc = Th_CommandHook(zCmdName, 0);
665	667	}else{
666	668

	--- src/main.c
	+++ src/main.c
	@@ -655,11 +655,13 @@
655	}
656	#ifndef _WIN32
657	if( !is_valid_fd(2) ) fossil_panic("file descriptor 2 not open");
658	/* if( is_valid_fd(3) ) fossil_warning("file descriptor 3 is open"); */
659	#endif
660	rc = name_search(zCmdName, aCommand, count(aCommand), &idx);


661	if( rc==1 ){
662	#ifdef FOSSIL_ENABLE_TH1_HOOKS
663	if( !g.isHTTP && !g.fNoThHook ){
664	rc = Th_CommandHook(zCmdName, 0);
665	}else{
666

	--- src/main.c
	+++ src/main.c
	@@ -655,11 +655,13 @@
655	}
656	#ifndef _WIN32
657	if( !is_valid_fd(2) ) fossil_panic("file descriptor 2 not open");
658	/* if( is_valid_fd(3) ) fossil_warning("file descriptor 3 is open"); */
659	#endif
660	rc = name_search(zCmdName, aCommand + count(aWebpage),
661	count(aCommand) - count(aWebpage), &idx);
662	idx += count(aWebpage);
663	if( rc==1 ){
664	#ifdef FOSSIL_ENABLE_TH1_HOOKS
665	if( !g.isHTTP && !g.fNoThHook ){
666	rc = Th_CommandHook(zCmdName, 0);
667	}else{
668