Skip to content

Prevent panic on fuzzer provided string (#14405) #14409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 20, 2021
Merged

Prevent panic on fuzzer provided string (#14405) #14409

merged 1 commit into from
Jan 20, 2021

Conversation

@6543
Copy link
Member

@6543 6543 commented Jan 20, 2021

  • Prevent panic on fuzzer provided string

The fuzzer has found that providing a tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Backport #14405

@zeripath @6543
Prevent panic on fuzzer provided string (go-gitea#14405)
4257f7d 
* Prevent panic on fuzzer provided string

The fuzzer has found that providing a <body> tag with an attribute to
PostProcess causes a panic. This PR removes any rendered html or body
tags from the output.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Placate lint

* placate lint again

Signed-off-by: Andrew Thornton <art27@cantab.net>

* minor cleanup

Signed-off-by: Andrew Thornton <art27@cantab.net>
@6543 6543 added the type/bug label Jan 20, 2021
@6543 6543 added this to the 1.13.2 milestone Jan 20, 2021
@6543 6543 mentioned this pull request Jan 20, 2021
Merged
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jan 20, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 20, 2021
@lafriks lafriks merged commit fb274ec into go-gitea:release/v1.13 Jan 20, 2021
@lafriks lafriks deleted the backport_14405 branch January 20, 2021 18:47
@go-gitea go-gitea locked and limited conversation to collaborators Mar 11, 2021
@6543 6543 added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Mar 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lafriks lafriks lafriks approved these changes

+1 more reviewer

@zeripath zeripath zeripath approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug

Projects

None yet

Milestone

1.13.2

Development

Successfully merging this pull request may close these issues.

4 participants

@6543 @lafriks @zeripath @GiteaBot