libgit2: validate URL max length

The major Git SaaS providers have repository URLs for both HTTP and SSH that tops around 250 characters in length. The limits chosen were a lot higher to align with use cases in which users may have on-premise servers with long domain names and paths. For SSH the validation is around path length only, which is now limited to 4096 characters, which is at the higher end of the range in Linux. For HTTP the validation is around the full URL provided by the caller. Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-04-07 05:42:15 +01:00 · 2022-04-07 05:42:15 +01:00 · d86f0a280a
parent 54d0794d19
commit d86f0a280a
2 changed files with 16 additions and 5 deletions
--- a/pkg/git/libgit2/managed/http.go
+++ b/pkg/git/libgit2/managed/http.go
@ -171,6 +171,10 @@ func createClientRequest(targetUrl string, action git2go.SmartServiceAction, t *
 		}
 	}

+	if len(finalUrl) > 2048 {
+		return nil, nil, fmt.Errorf("URL exceeds the max length (2048)")
+	}
+
 	client := &http.Client{
 		Transport: t,
 		Timeout:   fullHttpClientTimeOut,
--- a/pkg/git/libgit2/managed/ssh.go
+++ b/pkg/git/libgit2/managed/ssh.go
@ -125,12 +125,19 @@ func (t *sshSmartSubtransport) Action(urlString string, action git2go.SmartServi
 		return nil, err
 	}

-	// Escape \ and '.
-	uPath := strings.Replace(u.Path, `\`, `\\`, -1)
-	uPath = strings.Replace(uPath, `'`, `\'`, -1)
+	if len(u.Path) > 4096 {
+		return nil, fmt.Errorf("path exceeds the max length (4096)")
+	}

-	// TODO: Add percentage decode similar to libgit2.
-	// Refer: https://github.com/libgit2/libgit2/blob/358a60e1b46000ea99ef10b4dd709e92f75ff74b/src/str.c#L455-L481
+	// decode URI's path
+	uPath, err := url.PathUnescape(u.Path)
+	if err != nil {
+		return nil, err
+	}
+
+	// Escape \ and '.
+	uPath = strings.Replace(uPath, `\`, `\\`, -1)
+	uPath = strings.Replace(uPath, `'`, `\'`, -1)

 	var cmd string
 	switch action {