9c28967 Allow to limit the number of valid url scheme in pkg.conf — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

Allow to limit the number of valid url scheme in pkg.conf

Baptiste Daroussin committed 10 years ago

commit 9c2896737d2a5c2505cfb0c568a955c21881bf50
parent a17fd51

1 file changed +31 -0

modified libpkg/pkg_config.c

@@ -385,6 +385,11 @@ static struct config_entry c[] = {

 		NULL,
 		"Repository config in pkg.conf"
 	},
 	{
 		PKG_ARRAY,
 		"VALID_URL_SCHEME",
 		"pkg+http,pkg+https,https,http,ftp,file,ssh",
 	},
 };
 static bool parsed = false;

@@ -801,6 +806,8 @@ pkg_ini(const char *path, const char *reposdir, pkg_init_flags flags)

 	const char *nsname = NULL;
 	const char *useragent = NULL;
 	const char *evpipe = NULL;
 	const char *url;
 	struct pkg_repo *repo = NULL;
 	const ucl_object_t *cur, *object;
 	ucl_object_t *obj = NULL, *o, *ncfg;
 	ucl_object_iter_t it = NULL;

@@ -1110,6 +1117,30 @@ pkg_ini(const char *path, const char *reposdir, pkg_init_flags flags)

 		add_repo_obj(cur, path, flags);
 	}
 	/* validate the different scheme */
 	while (pkg_repos(&repo) == EPKG_OK) {
 		object = ucl_object_find_key(config, "VALID_URL_SCHEME");
 		url = pkg_repo_url(repo);
 		buf = strstr(url, "://");
 		if (buf == NULL) {
 			pkg_emit_error("invalid url: %s", url);
 			return (EPKG_FATAL);
 		}
 		fatal_errors = true;
 		while ((cur = ucl_iterate_object(object, &it, true))) {
 			if (strncmp(url, ucl_object_tostring_forced(cur),
 			    buf - url) == 0) {
 				fatal_errors = false;
 				break;
 			}
 		}
 		if (fatal_errors) {
 			pkg_emit_error("invalid scheme %.*s", buf - url, url);
 			return (EPKG_FATAL);
 		}
 	}
 	/* bypass resolv.conf with specified NAMESERVER if any */
 	nsname = pkg_object_string(pkg_config_get("NAMESERVER"));
 	if (nsname != NULL) {