commit a0bd573d20ed11633bbc4cc476bcfd7823f9773a
from: Omar Polo
via: Thomas Adam
date: Thu Jun 15 11:27:15 2023 UTC
gotwebd.conf: range-check numeric values and raise errors
commit - ee003af8b92eb150d8de536c512a0bed7e2c64fd
commit + a0bd573d20ed11633bbc4cc476bcfd7823f9773a
blob - 55fc35dcc50c282329b49affd123735f77cac0ba
blob + 1acab5342ac9ce5a65c040435a3c5665567b1206
--- gotwebd/parse.y
+++ gotwebd/parse.y
@@ -171,7 +171,13 @@ boolean : STRING {
 free($1);
 }
 | ON { $$ = 1; }
- | NUMBER { $$ = $1; }
+ | NUMBER {
+ if ($1 != 0 && $1 != 1) {
+ yyerror("invalid boolean value '%lld'", $1);
+ YYERROR;
+ }
+ $$ = $1;
+ }
 ;
 fcgiport : PORT NUMBER {
@@ -196,6 +202,11 @@ fcgiport : PORT NUMBER {
 ;
 main : PREFORK NUMBER {
+ if ($2 <= 0 || $2 > PROC_MAX_INSTANCES) {
+ yyerror("prefork is %s: %lld",
+ $2 <= 0 ? "too small" : "too large", $2);
+ YYERROR;
+ }
 gotwebd->prefork_gotwebd = $2;
 }
 | CHROOT STRING {
@@ -359,8 +370,11 @@ serveropts1 : REPOS_PATH STRING {
 free($4);
 }
 | MAX_REPOS NUMBER {
- if ($2 > 0)
- new_srv->max_repos = $2;
+ if ($2 <= 0) {
+ yyerror("max_repos is too small: %lld", $2);
+ YYERROR;
+ }
+ new_srv->max_repos = $2;
 }
 | SHOW_SITE_OWNER boolean {
 new_srv->show_site_owner = $2;
@@ -381,7 +395,12 @@ serveropts1 : REPOS_PATH STRING {
 new_srv->respect_exportok = $2;
 }
 | MAX_REPOS_DISPLAY NUMBER {
- new_srv->max_repos_display = $2;
+ if ($2 <= 0) {
+ yyerror("max_repos_display is too small: %lld",
+ $2);
+ YYERROR;
+ }
+ new_srv->max_repos_display = $2;
 }
 | MAX_COMMITS_DISPLAY NUMBER {
 if ($2 <= 1) {
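Review bot: The new yyerror() call in the boolean rule passes `$1` straight to a `%lld` conversion, and the type behind NUMBER is declared outside this diff. If it is `int64_t`, as is common in this style of parse.y, the argument is a `long` on platforms where `int64_t` is not `long long`, and the format/argument mismatch is undefined behaviour that -Wformat will report. An explicit cast makes the call correct whatever the typedef resolves to: `yyerror("invalid boolean value '%lld'", (long long)$1);`. The same applies to the yyerror() calls added in the prefork, max_repos and max_repos_display hunks. The boolean rule itself starts before this hunk.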
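Review bot: The max_repos check rejects only `$2 <= 0`; nothing bounds the value from above before `new_srv->max_repos = $2;`. The field's type is not visible in this diff, but if it is narrower than the parser's NUMBER type, an oversized value in gotwebd.conf would be silently truncated or wrapped rather than rejected, which is what this commit sets out to prevent. The prefork hunk already shows the two-sided pattern with PROC_MAX_INSTANCES; here the limit should match the destination type, for example `if ($2 <= 0 || $2 > INT_MAX) {` if the field turns out to be an `int`. The max_repos_display hunk that follows has the same gap. The serveropts1 rule begins and ends outside the hunk.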