forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cvs-1.12.12-block-requests.patch
140 lines (126 loc) · 3.91 KB
/
cvs-1.12.12-block-requests.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
Author: Robin H. Johnson <[email protected]>
Date: 2006-08-09
This patch allows a CVS server to deny usage of specific commands, based on
input in the environment.
Just set the CVS_BLOCK_REQUESTS env var with all of the commands you want,
seperated by spaces. Eg:
CVS_BLOCK_REQUESTS="Gzip-stream gzip-file-contents"
would block ALL usage of compression.
Please see the array 'struct request requests[]' in src/server.c for a full
list of commands.
Please note that if you block any commands marked as RQ_ESSENTIAL, CVS clients
may fail! (This includes 'ci'!).
See the companion cvs-custom.c for a wrapper that can enforce the environment variable for pserver setups.
Signed-off-by: Robin H. Johnson <[email protected]>
diff -Nuar --exclude '*~' -U 10 cvs-1.12.12.orig/src/server.c cvs-1.12.12/src/server.c
--- cvs-1.12.12.orig/src/server.c 2005-04-14 14:13:29.000000000 +0000
+++ cvs-1.12.12/src/server.c 2006-08-09 01:40:44.000000000 +0000
@@ -5836,43 +5836,90 @@
#undef REQ_LINE
};
#endif /* SERVER_SUPPORT or CLIENT_SUPPORT */
#ifdef SERVER_SUPPORT
/*
* This server request is not ignored by the secondary.
*/
+
+/* Hack by Robin H. Johnson <[email protected]>.
+ * Allow the server ENV to specify what request types are to be ignored.
+ */
+
+static char blocked_requests[BUFSIZ] = " ";
+
+static void build_blocked_requests() {
+ char *tmp = getenv("CVS_BLOCK_REQUESTS");
+
+ if (tmp != NULL && strlen(tmp) > 0) {
+ // move to our custom buffer
+ strncat(blocked_requests, tmp, sizeof(blocked_requests)-strlen(blocked_requests));
+ //add a space on the end as well for searching
+ strncat(blocked_requests, " ", sizeof(blocked_requests)-strlen(blocked_requests));
+ }
+
+ // now blocked_requests contains the list of every request that we do not
+ // want to serve
+}
+
+// returns 0 if we should serve this request
+// use as if(checker(FOO)) continue;
+static int serve_valid_requests_checker(char *reqname) {
+ char needle[BUFSIZ] = " ";
+ char *tmp;
+
+ if(!blocked_requests || strlen(blocked_requests) < 2)
+ return 0;
+
+ // we want to look for ' 'reqname' '
+ snprintf(needle, sizeof(needle), " %s ", reqname);
+
+ // now do the search
+ tmp = strstr(blocked_requests, needle);
+
+ if (tmp != NULL)
+ return 1;
+
+ return 0;
+
+}
+
static void
serve_valid_requests (char *arg)
{
struct request *rq;
/* Since this is processed in the first pass, don't reprocess it in the
* second.
*
* We still print errors since new errors could have been generated in the
* second pass.
*/
if (print_pending_error ()
#ifdef PROXY_SUPPORT
|| reprocessing
#endif /* PROXY_SUPPORT */
)
return;
+
+ build_blocked_requests();
buf_output0 (buf_to_net, "Valid-requests");
for (rq = requests; rq->name != NULL; rq++)
{
if (rq->func != NULL)
{
+ if(serve_valid_requests_checker(rq->name))
+ continue;
buf_append_char (buf_to_net, ' ');
buf_output0 (buf_to_net, rq->name);
}
}
buf_output0 (buf_to_net, "\nok\n");
/* The client is waiting for the list of valid requests, so we
must send the output now. */
buf_flush (buf_to_net, 1);
}
@@ -6353,20 +6400,24 @@
cmd += len;
else if (cmd[len] == ' ')
cmd += len + 1;
else
/*
* The first len characters match, but it's a different
* command. e.g. the command is "cooperate" but we matched
* "co".
*/
continue;
+ // Ignore commands that we are supposed to ignore.
+ if(serve_valid_requests_checker(rq->name))
+ continue;
+
if (!(rq->flags & RQ_ROOTLESS)
&& current_parsed_root == NULL)
{
/* For commands which change the way in which data
is sent and received, for example Gzip-stream,
this does the wrong thing. Since the client
assumes that everything is being compressed,
unconditionally, there is no way to give this
error to the client without turning on