1
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-11-04 08:17:24 -05:00

Prevent newline errors with Debian packages (#26332)

Fixes #26313
This commit is contained in:
KN4CK3R 2023-08-05 10:59:52 +02:00 committed by GitHub
parent 9a8af92577
commit 2d3924d0e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 11 deletions

View File

@ -172,19 +172,10 @@ func ParseControlFile(r io.Reader) (*Package, error) {
value := strings.TrimSpace(parts[1]) value := strings.TrimSpace(parts[1])
switch key { switch key {
case "Package": case "Package":
if !namePattern.MatchString(value) {
return nil, ErrInvalidName
}
p.Name = value p.Name = value
case "Version": case "Version":
if !versionPattern.MatchString(value) {
return nil, ErrInvalidVersion
}
p.Version = value p.Version = value
case "Architecture": case "Architecture":
if value == "" {
return nil, ErrInvalidArchitecture
}
p.Architecture = value p.Architecture = value
case "Maintainer": case "Maintainer":
a, err := mail.ParseAddress(value) a, err := mail.ParseAddress(value)
@ -208,13 +199,23 @@ func ParseControlFile(r io.Reader) (*Package, error) {
return nil, err return nil, err
} }
if !namePattern.MatchString(p.Name) {
return nil, ErrInvalidName
}
if !versionPattern.MatchString(p.Version) {
return nil, ErrInvalidVersion
}
if p.Architecture == "" {
return nil, ErrInvalidArchitecture
}
dependencies := strings.Split(depends.String(), ",") dependencies := strings.Split(depends.String(), ",")
for i := range dependencies { for i := range dependencies {
dependencies[i] = strings.TrimSpace(dependencies[i]) dependencies[i] = strings.TrimSpace(dependencies[i])
} }
p.Metadata.Dependencies = dependencies p.Metadata.Dependencies = dependencies
p.Control = control.String() p.Control = strings.TrimSpace(control.String())
return p, nil return p, nil
} }

View File

@ -212,7 +212,7 @@ func buildPackagesIndices(ctx context.Context, ownerID int64, repoVersion *packa
} }
addSeparator = true addSeparator = true
fmt.Fprint(w, pfd.Properties.GetByName(debian_module.PropertyControl)) fmt.Fprintf(w, "%s\n", strings.TrimSpace(pfd.Properties.GetByName(debian_module.PropertyControl)))
fmt.Fprintf(w, "Filename: pool/%s/%s/%s\n", distribution, component, pfd.File.Name) fmt.Fprintf(w, "Filename: pool/%s/%s/%s\n", distribution, component, pfd.File.Name)
fmt.Fprintf(w, "Size: %d\n", pfd.Blob.Size) fmt.Fprintf(w, "Size: %d\n", pfd.Blob.Size)