HardenedBSD Package Manager
Allow to limit the number of valid url scheme in pkg.conf
Baptiste Daroussin committed 10 years ago
commit 9c2896737d2a5c2505cfb0c568a955c21881bf50
parent a17fd511d0bbe0c5377391f7982752dc554fa6ee
1 file changed +31 -0
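--- a/libpkg/pkg_config.c
+++ b/libpkg/pkg_config.c
@@ -385,6 +385,11 @@ static struct config_entry c[] = {
 		NULL,
 		"Repository config in pkg.conf"
 	},
+	{
+		PKG_ARRAY,
+		"VALID_URL_SCHEME",
+		"pkg+http,pkg+https,https,http,ftp,file,ssh",
+	},
 };
 
 static bool parsed = false;
@@ -801,6 +806,8 @@ pkg_ini(const char *path, const char *reposdir, pkg_init_flags flags)
 	const char *nsname = NULL;
 	const char *useragent = NULL;
 	const char *evpipe = NULL;
+	const char *url;
+	struct pkg_repo *repo = NULL;
 	const ucl_object_t *cur, *object;
 	ucl_object_t *obj = NULL, *o, *ncfg;
 	ucl_object_iter_t it = NULL;
@@ -1110,6 +1117,30 @@ pkg_ini(const char *path, const char *reposdir, pkg_init_flags flags)
 		add_repo_obj(cur, path, flags);
 	}
 
+	/* validate the different scheme */
+	while (pkg_repos(&repo) == EPKG_OK) {
+		object = ucl_object_find_key(config, "VALID_URL_SCHEME");
+		url = pkg_repo_url(repo);
+		buf = strstr(url, "://");
+		if (buf == NULL) {
+			pkg_emit_error("invalid url: %s", url);
+			return (EPKG_FATAL);
+		}
+		fatal_errors = true;
+		while ((cur = ucl_iterate_object(object, &it, true))) {
+			if (strncmp(url, ucl_object_tostring_forced(cur),
+			    buf - url) == 0) {
+				fatal_errors = false;
+				break;
+			}
+		}
+
+		if (fatal_errors) {
+			pkg_emit_error("invalid scheme %.*s", buf - url, url);
+			return (EPKG_FATAL);
+		}
+	}
+
 	/* bypass resolv.conf with specified NAMESERVER if any */
 	nsname = pkg_object_string(pkg_config_get("NAMESERVER"));
 	if (nsname != NULL) {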
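Review bot: The scheme check in the inner loop of the third hunk is only a prefix match, because `strncmp(url, ..., buf - url)` compares just the URL's scheme length: with VALID_URL_SCHEME restricted to `https`, a repository URL starting `http://` still passes, and an empty scheme (`://host`) matches every entry since the length is 0. Compare the lengths as well, e.g. take `const char *s = ucl_object_tostring_forced(cur);` and test `if (strlen(s) == (size_t)(buf - url) && strncmp(url, s, buf - url) == 0)`. The iterator `it` is also not reset after the `break`, so it looks like the next repository is checked only against the remaining list entries and can be rejected wrongly; `it = NULL;` at the top of the outer loop would avoid that, to be confirmed against how the earlier loops (outside the hunk) leave `it`. Separately, `%.*s` takes an `int` precision, so the error call should pass `(int)(buf - url)`. pkg_ini's body starts and ends outside these hunks, and `buf` and `fatal_errors` are declared there.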