From ee4a19365eed098e43f1850d8f0326f9805ab669 Mon Sep 17 00:00:00 2001 From: Sebastian Sdorra Date: Thu, 1 Jun 2017 16:07:18 +0200 Subject: [PATCH] fix possible stackoverflow in git request handling --- .../java/sonia/scm/web/ScmGitServlet.java | 21 ++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/ScmGitServlet.java b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/ScmGitServlet.java index 89d9c4b034..6b3e41b27e 100644 --- a/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/ScmGitServlet.java +++ b/scm-plugins/scm-git-plugin/src/main/java/sonia/scm/web/ScmGitServlet.java @@ -95,6 +95,7 @@ public class ScmGitServlet extends GitServlet * @param repositoryViewer * @param repositoryProvider * @param repositoryRequestListenerUtil + * @param lfsServletFactory */ @Inject public ScmGitServlet(GitRepositoryResolver repositoryResolver, @@ -164,22 +165,19 @@ public class ScmGitServlet extends GitServlet * */ private void handleRequest(HttpServletRequest request, HttpServletResponse response, Repository repository) throws ServletException, IOException { - logger.trace("--- Repository is: {}", repository.getName()); if (isLfsBatchApiRequest(request, repository.getName())) { logger.trace("--- detected LFS Batch API Request"); - HttpServlet servlet = lfsServletFactory.createProtocolServletFor(repository, request); - handleGitRequest(servlet, request, response, repository); + handleGitLfsRequest(request, response, repository); } else if (isLfsFileTransferRequest(request, repository.getName())) { logger.trace("--- detected LFS File Transfer Request"); - HttpServlet servlet = lfsServletFactory.createFileLfsServletFor(repository, request); - handleGitRequest(servlet, request, response, repository); + handleGitLfsRequest(request, response, repository); } else if (isRegularGitAPIRequest(request)) { logger.trace("--- seems to be regular Git HTTP backend request: {}", request.getRequestURI()); // continue with the regular git Backend - handleGitRequest(this, request, response, repository); + handleRegularGitRequest(request, response, repository); } else { renderHtmlRepositryOverview(request, response); } @@ -189,7 +187,8 @@ public class ScmGitServlet extends GitServlet return HttpUtil.getStrippedURI(request).matches(REGEX_GITHTTPBACKEND); } - private void handleGitRequest(HttpServlet servlet, HttpServletRequest request, HttpServletResponse response, Repository repository) throws ServletException, IOException { + private void handleGitLfsRequest(HttpServletRequest request, HttpServletResponse response, Repository repository) throws ServletException, IOException { + HttpServlet servlet = lfsServletFactory.createProtocolServletFor(repository, request); if (repositoryRequestListenerUtil.callListeners(request, response, repository)) { servlet.service(request, response); } else if (logger.isDebugEnabled()) { @@ -197,6 +196,14 @@ public class ScmGitServlet extends GitServlet } } + private void handleRegularGitRequest(HttpServletRequest request, HttpServletResponse response, Repository repository) throws ServletException, IOException { + if (repositoryRequestListenerUtil.callListeners(request, response, repository)) { + super.service(request, response); + } else if (logger.isDebugEnabled()) { + logger.debug("request aborted by repository request listener"); + } + } + /** * This method renders basic information about the repository into the response. The result is meant to be viewed by