Fossil

Check-in [bb860492]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Resolve two 'db transaction never commits' warnings from /xfer in cases where it response to invalid inputs from the remote (found via libfossil testing).
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: bb8604921caf24e83b7f42459cda3d58c26e5efe30b9b2c1862ee20892ef9b0f
User & Date: stephan 2025-06-22 09:32:07.028
Context
2025-06-22
10:35
(Grammar) Correction for diffcmd help text. ... (check-in: e879d1ef user: brickviking tags: trunk)
09:32
Resolve two 'db transaction never commits' warnings from /xfer in cases where it response to invalid inputs from the remote (found via libfossil testing). ... (check-in: bb860492 user: stephan tags: trunk)
2025-06-20
23:16
Add new link-tester cases. ... (check-in: 96c0fc9e user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/xfer.c.
1521
1522
1523
1524
1525
1526
1527

1528
1529
1530
1531
1532
1533
1534
        int seqno, max;
        if( iVers>=3 ){
          cgi_set_content_type("application/x-fossil-uncompressed");
        }
        blob_is_int(&xfer.aToken[2], &seqno);
        if( seqno<=0 ){
          xfer_fatal_error("invalid clone sequence number");

          return;
        }
        max = db_int(0, "SELECT max(rid) FROM blob");
        while( xfer.mxSend>(int)blob_size(xfer.pOut) && seqno<=max){
          if( time(NULL) >= xfer.maxTime ) break;
          if( iVers>=3 ){
            send_compressed_file(&xfer, seqno);






>







1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
        int seqno, max;
        if( iVers>=3 ){
          cgi_set_content_type("application/x-fossil-uncompressed");
        }
        blob_is_int(&xfer.aToken[2], &seqno);
        if( seqno<=0 ){
          xfer_fatal_error("invalid clone sequence number");
          db_rollback_transaction();
          return;
        }
        max = db_int(0, "SELECT max(rid) FROM blob");
        while( xfer.mxSend>(int)blob_size(xfer.pOut) && seqno<=max){
          if( time(NULL) >= xfer.maxTime ) break;
          if( iVers>=3 ){
            send_compressed_file(&xfer, seqno);
1596
1597
1598
1599
1600
1601
1602

1603
1604
1605
1606
1607
1608
1609
    */
    if( blob_eq(&xfer.aToken[0],"config") && xfer.nToken==3
        && blob_is_int(&xfer.aToken[2], &size) ){
      const char *zName = blob_str(&xfer.aToken[1]);
      Blob content;
      if( size<0 ){
        xfer_fatal_error("invalid config record");

        return;
      }
      blob_zero(&content);
      blob_extract(xfer.pIn, size, &content);
      if( !g.perm.Admin ){
        cgi_reset_content();
        @ error not\sauthorized\sto\spush\sconfiguration%s(whyNotAuth())






>







1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
    */
    if( blob_eq(&xfer.aToken[0],"config") && xfer.nToken==3
        && blob_is_int(&xfer.aToken[2], &size) ){
      const char *zName = blob_str(&xfer.aToken[1]);
      Blob content;
      if( size<0 ){
        xfer_fatal_error("invalid config record");
        db_rollback_transaction();
        return;
      }
      blob_zero(&content);
      blob_extract(xfer.pIn, size, &content);
      if( !g.perm.Admin ){
        cgi_reset_content();
        @ error not\sauthorized\sto\spush\sconfiguration%s(whyNotAuth())