commit cc18a9041607ade66988adf85046170c984a5793
from: Tracey Emery <tracey@traceyemery.net>
date: Thu Feb 13 23:40:43 2020 UTC

catch invalid actions and git paths earlier in querystring parsing

commit - 6f6f771f7ca7492ff71084ef8c9ccb3eba12cbcd
commit + cc18a9041607ade66988adf85046170c984a5793
blob - e370e12fdb586d62dc52329a892402b253d5f010
blob + 0235b8da6816a386ab956049de1ace696a559d4c
--- gotweb/gotweb.c
+++ gotweb/gotweb.c
@@ -1539,6 +1539,12 @@ gw_load_got_path(struct gw_trans *gw_trans, struct gw_
 		error = got_error_from_errno("strdup");
 		goto errored;
 	}
+
+	dt = opendir(dir_test);
+	if (dt == NULL) {
+		error = got_error(GOT_ERR_NOT_GIT_REPO);
+		goto errored;
+	}
 done:
 	error = gw_get_repo_description(&gw_dir->description, gw_trans,
 	    gw_dir->path);
@@ -1652,6 +1658,7 @@ gw_parse_querystring(struct gw_trans *gw_trans)
 		if (gw_trans->action == -1) {
 			gw_trans->action = GW_ERR;
 			gw_trans->error = got_error_from_errno("bad action");
+			return error;
 		}
 
  		if ((p = gw_trans->gw_req->fieldmap[KEY_COMMIT_ID])) {
@@ -1679,9 +1686,7 @@ gw_parse_querystring(struct gw_trans *gw_trans)
 		if (error)
 			return error;
 
-		error = gw_load_got_path(gw_trans, gw_trans->gw_dir);
-		if (error)
-			return error;
+		gw_trans->error = gw_load_got_path(gw_trans, gw_trans->gw_dir);
 	} else
 		gw_trans->action = GW_INDEX;
 
@@ -1757,6 +1762,10 @@ gw_display_index(struct gw_trans *gw_trans)
 	const struct got_error *error;
 	enum kcgi_err kerr;
 
+	/* catch early querystring errors */
+	if (gw_trans->error)
+		gw_trans->action = GW_ERR;
+
 	error = gw_display_open(gw_trans, KHTTP_200, gw_trans->mime);
 	if (error)
 		return error;