Mercurial > hg
annotate mercurial/bdiff.h @ 36756:2ecb0fc535b1 stable
hgweb: always perform permissions checks on protocol commands (BC) (SEC)
Previously, the HTTP request handling code would only perform
permissions checking on a wire protocol command if that wire protocol
command defined its permissions / operation type. This meant that
commands (possibly provided by extensions) not defining their
operation type would bypass permissions check. This could lead
to exfiltration of data from servers and mutating repositories that
were supposed to be read-only.
This security issue has been present since the permissions table
was introduced by d3147b4e3e8a in 2008.
This commit changes the behavior of the HTTP server to always
perform permissions checking for protocol requests. If an
explicit permission for a wire protocol command is not defined,
the server assumes the command can be used for writing and
governs access accordingly.
.. bc::
Wire protocol commands not defining their operation type in
``wireproto.PERMISSIONS`` are now assumed to be used for
"push" operations and access control to run those commands
is now enforced accordingly.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sun, 18 Feb 2018 17:20:38 -0800 |
| parents | 174d115d8104 |
| children | d86908050375 |
| rev | line source |
|---|---|
|
29541
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
1 #ifndef _HG_BDIFF_H_ |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
2 #define _HG_BDIFF_H_ |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
3 |
|
34652
174d115d8104
bdiff: include compat.h in header to define ssize_t
Yuya Nishihara <yuya@tcha.org>
parents:
34627
diff
changeset
|
4 #include "compat.h" |
|
174d115d8104
bdiff: include compat.h in header to define ssize_t
Yuya Nishihara <yuya@tcha.org>
parents:
34627
diff
changeset
|
5 |
|
29541
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
6 struct bdiff_line { |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
7 int hash, n, e; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
8 ssize_t len; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
9 const char *l; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
10 }; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
11 |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
12 struct bdiff_hunk; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
13 struct bdiff_hunk { |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
14 int a1, a2, b1, b2; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
15 struct bdiff_hunk *next; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
16 }; |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
17 |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
18 int bdiff_splitlines(const char *a, ssize_t len, struct bdiff_line **lr); |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
19 int bdiff_diff(struct bdiff_line *a, int an, struct bdiff_line *b, int bn, |
|
34627
72985b390d7c
bdiff: format header file with clang-format
Augie Fackler <augie@google.com>
parents:
29541
diff
changeset
|
20 struct bdiff_hunk *base); |
|
29541
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
21 void bdiff_freehunks(struct bdiff_hunk *l); |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
22 |
|
9631ff5ebbeb
bdiff: split bdiff into cpy-aware and cpy-agnostic part
Maciej Fijalkowski <fijall@gmail.com>
parents:
diff
changeset
|
23 #endif |