| Message ID | 20210907150105.2690121-1-martin@martin.st |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel,fateserver] Move validation of parsed slot/date into split_header from load_report | expand |
| Context | Check | Description |
|---|---|---|
| andriy/configurex86 | warning | Failed to apply patch |
| andriy/configureppc | warning | Failed to apply patch |
Martin Storsjo (12021-09-07): > This avoids using tainted data in the call to zcat in the main loop > in index.cgi. > > This fixes the report listing for cases with a compile error. > --- > FATE.pm | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) That is even better, thanks. Applied and deployed. Regards,
Nicolas George: > Martin Storsjo (12021-09-07): >> This avoids using tainted data in the call to zcat in the main loop >> in index.cgi. >> >> This fixes the report listing for cases with a compile error. >> --- >> FATE.pm | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > That is even better, thanks. Applied and deployed. > > Regards, > It works! Thanks to you and Martin for your efforts in bringing the fateserver back. - Andreas
diff --git a/FATE.pm b/FATE.pm index ccb8958..0d4603f 100644 --- a/FATE.pm +++ b/FATE.pm @@ -52,6 +52,8 @@ our $gitweb = "http://git.videolan.org/?p=ffmpeg.git"; sub split_header { my @hdr = split /:/, $_[0]; $hdr[0] eq 'fate' or return undef; + ($hdr[2]) = $hdr[2] =~ /^([0-9]{1,80})\z/ or return undef; + ($hdr[3]) = $hdr[3] =~ /^([A-Za-z0-9_\-.]{1,80})\z/ or return undef; my $parsed = { version => $hdr[1], date => $hdr[2], @@ -147,8 +149,6 @@ sub load_summary { sub load_report { my ($slot, $date) = @_; - ($slot) = $slot =~ /^([A-Za-z0-9_\-.]{1,80})\z/ or exit 1; - ($date) = $date =~ /^([0-9]{1,80})\z/ or exit 1; my $report = "$fatedir/$slot/$date/report.xz"; my @recs;