Prevent panic on fuzzer provided string #14405

Merged
merged 5 commits into from
Jan 20, 2021

zeripath
Contributor

The fuzzer has found that providing a `<body>` tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Replaces #14402

Signed-off-by: Andrew Thornton [email protected]

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <[email protected]>
modules/markup/html.go (outdated review thread, resolved)
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jan 20, 2021
modules/markup/html.go (outdated review thread, resolved)
@zeripath
Contributor Author

@lunny - the body wraparound is necessary.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jan 20, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 20, 2021
@lunny lunny merged commit 1722299 into go-gitea:master Jan 20, 2021
6543 pushed a commit to 6543-forks/gitea that referenced this pull request Jan 20, 2021
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <[email protected]>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <[email protected]>

* minor cleanup

Signed-off-by: Andrew Thornton <[email protected]>
@6543
Member

6543 commented Jan 20, 2021

Backport: #14409

@6543 6543 added the backport/done All backports for this PR have been created label Jan 20, 2021
@zeripath zeripath deleted the alternate-fuzz-fix branch January 20, 2021 16:28
lafriks pushed a commit that referenced this pull request Jan 20, 2021
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <[email protected]>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <[email protected]>

* minor cleanup

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: zeripath <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Mar 11, 2021
@6543 6543 added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Mar 21, 2021
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug