1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-27 09:11:53 -05:00

Prevent newline errors with Debian packages (#26332) (#26342)

Backport #26332 by @KN4CK3R

Fixes #26313

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 3e9475b3b2)
This commit is contained in:
Giteabot 2023-08-05 17:41:30 +08:00 committed by Earl Warren
parent 33c52556a3
commit 75417ed070
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
2 changed files with 12 additions and 11 deletions

View file

@ -172,19 +172,10 @@ func ParseControlFile(r io.Reader) (*Package, error) {
value := strings.TrimSpace(parts[1]) value := strings.TrimSpace(parts[1])
switch key { switch key {
case "Package": case "Package":
if !namePattern.MatchString(value) {
return nil, ErrInvalidName
}
p.Name = value p.Name = value
case "Version": case "Version":
if !versionPattern.MatchString(value) {
return nil, ErrInvalidVersion
}
p.Version = value p.Version = value
case "Architecture": case "Architecture":
if value == "" {
return nil, ErrInvalidArchitecture
}
p.Architecture = value p.Architecture = value
case "Maintainer": case "Maintainer":
a, err := mail.ParseAddress(value) a, err := mail.ParseAddress(value)
@ -208,13 +199,23 @@ func ParseControlFile(r io.Reader) (*Package, error) {
return nil, err return nil, err
} }
if !namePattern.MatchString(p.Name) {
return nil, ErrInvalidName
}
if !versionPattern.MatchString(p.Version) {
return nil, ErrInvalidVersion
}
if p.Architecture == "" {
return nil, ErrInvalidArchitecture
}
dependencies := strings.Split(depends.String(), ",") dependencies := strings.Split(depends.String(), ",")
for i := range dependencies { for i := range dependencies {
dependencies[i] = strings.TrimSpace(dependencies[i]) dependencies[i] = strings.TrimSpace(dependencies[i])
} }
p.Metadata.Dependencies = dependencies p.Metadata.Dependencies = dependencies
p.Control = control.String() p.Control = strings.TrimSpace(control.String())
return p, nil return p, nil
} }

View file

@ -212,7 +212,7 @@ func buildPackagesIndices(ctx context.Context, ownerID int64, repoVersion *packa
} }
addSeparator = true addSeparator = true
fmt.Fprint(w, pfd.Properties.GetByName(debian_module.PropertyControl)) fmt.Fprintf(w, "%s\n", strings.TrimSpace(pfd.Properties.GetByName(debian_module.PropertyControl)))
fmt.Fprintf(w, "Filename: pool/%s/%s/%s\n", distribution, component, pfd.File.Name) fmt.Fprintf(w, "Filename: pool/%s/%s/%s\n", distribution, component, pfd.File.Name)
fmt.Fprintf(w, "Size: %d\n", pfd.Blob.Size) fmt.Fprintf(w, "Size: %d\n", pfd.Blob.Size)