diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-16 11:39:17 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-16 12:13:39 +0100 |
commit | b826537cb4aa2358027ffcb1dd6a87274734e962 (patch) | |
tree | 7c749c66d868cb996828d2b65a4bede58b5ebd62 /cgit.c | |
parent | d6e9200cc35411f3f27426b608bcfdef9348e6d3 (diff) | |
download | cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.tar.gz cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.tar.bz2 cgit-b826537cb4aa2358027ffcb1dd6a87274734e962.zip |
authentication: use hidden form instead of referer
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'cgit.c')
-rw-r--r-- | cgit.c | 22 |
1 files changed, 8 insertions, 14 deletions
@@ -614,22 +614,19 @@ static inline void open_auth_filter(struct cgit_context *ctx, const char *functi ctx->qry.url ? ctx->qry.url : ""); } +/* We intentionally keep this rather small, instead of looping and + * feeding it to the filter a couple bytes at a time. This way, the + * filter itself does not need to handle any denial of service or + * buffer bloat issues. If this winds up being too small, people + * will complain on the mailing list, and we'll increase it as needed. */ #define MAX_AUTHENTICATION_POST_BYTES 4096 +/* The filter is expected to spit out "Status: " and all headers. */ static inline void authenticate_post(struct cgit_context *ctx) { - if (ctx->env.http_referer && strlen(ctx->env.http_referer) > 0) { - html("Status: 302 Redirect\n"); - html("Cache-Control: no-cache, no-store\n"); - htmlf("Location: %s\n", ctx->env.http_referer); - } else { - html("Status: 501 Missing Referer\n"); - html("Cache-Control: no-cache, no-store\n\n"); - exit(0); - } - - open_auth_filter(ctx, "authenticate-post"); char buffer[MAX_AUTHENTICATION_POST_BYTES]; int len; + + open_auth_filter(ctx, "authenticate-post"); len = ctx->env.content_length; if (len > MAX_AUTHENTICATION_POST_BYTES) len = MAX_AUTHENTICATION_POST_BYTES; @@ -637,10 +634,7 @@ static inline void authenticate_post(struct cgit_context *ctx) die_errno("Could not read POST from stdin"); if (write(STDOUT_FILENO, buffer, len) < 0) die_errno("Could not write POST to stdout"); - /* The filter may now spit out a Set-Cookie: ... */ cgit_close_filter(ctx->cfg.auth_filter); - - html("\n"); exit(0); } |