Fossil

Differences From Artifact [18a06326d0]:

• File src/http_transport.c — part of check-in [e882081f8d] at 2018-07-31 20:34:13 on branch fork-backoffice — Use the fork() system call (when available) to start backoffice, in an attempt to avoid unseemly delays in upstream. (user: drh size: 13237) [more...]

To Artifact [342be272b0]:

• File src/http_transport.c — part of check-in [70a94d0972] at 2019-07-16 20:02:48 on branch trunk — Code cleanup: Add a lot of "const" qualifiers for static (string) arrays, where appropriate. This allows the C compiler to optimize more (user: jan.nijtmans size: 13243)

78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

/*
** Check zFossil to see if it is a reasonable "fossil" command to
** run on the server.  Do not allow an attacker to substitute something
** like "/bin/rm".
*/
static int is_safe_fossil_command(const char *zFossil){
  static const char *azSafe[] = { "*/fossil", "*/echo" };
  int i;
  for(i=0; i<sizeof(azSafe)/sizeof(azSafe[0]); i++){
    if( sqlite3_strglob(azSafe[i], zFossil)==0 ) return 1;
    if( strcmp(azSafe[i]+2, zFossil)==0 ) return 1;
  }
  return 0;
}

|

78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

/*
** Check zFossil to see if it is a reasonable "fossil" command to
** run on the server.  Do not allow an attacker to substitute something
** like "/bin/rm".
*/
static int is_safe_fossil_command(const char *zFossil){
  static const char *const azSafe[] = { "*/fossil", "*/echo" };
  int i;
  for(i=0; i<sizeof(azSafe)/sizeof(azSafe[0]); i++){
    if( sqlite3_strglob(azSafe[i], zFossil)==0 ) return 1;
    if( strcmp(azSafe[i]+2, zFossil)==0 ) return 1;
  }
  return 0;
}