cmd/serv panics on git ssh command to non-existent/unauthorized repo #7457

Closed
@aswild

  • Gitea version (or commit ref): master (50d8d17)
  • Git version: n/a
  • Operating system: Linux
  • Database: n/a
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL) See description
    • No
    • Not relevant
  • Log gist:

Description

The serv command panics when trying to run a git SSH command on a non-existent or unauthorized repo. A Go panic and stack trace are returned to the client, leaking server and build system information.

% git ls-remote ssh://[email protected]/aswild/test1 
31430109d60ef9dfe85d38b278c997d5db4285d2        HEAD
31430109d60ef9dfe85d38b278c997d5db4285d2        refs/heads/master

% git ls-remote ssh://[email protected]/aswild/invalid
Gitea: Unauthorized
Cannot find repository aswild/invalid
Gitea: Internal Server Error
Cannot find repository aswild/invalid
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x16531b9]

goroutine 1 [running]:
code.gitea.io/gitea/cmd.runServ(0xc0000cadc0, 0x0, 0x0)
        /go/src/code.gitea.io/gitea/cmd/serv.go:188 +0xa69
github.com/urfave/cli.HandleAction(0x18add20, 0x291ed90, 0xc0000cadc0, 0xc0007f0600, 0x0)
        /go/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:490 +0xc8
github.com/urfave/cli.Command.Run(0x1b22ea2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b8bc2b, 0x2f, 0x0, ...)
        /go/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/command.go:210 +0x996
github.com/urfave/cli.(*App).Run(0xc0007fe1a0, 0xc00003c0c0, 0x4, 0x4, 0x0, 0x0)
        /go/src/code.gitea.io/gitea/vendor/github.com/urfave/cli/app.go:255 +0x6af
main.main()
        /go/src/code.gitea.io/gitea/main.go:109 +0x811
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

This looks like a regression in 356854fc5. The log.GitLogger.Fatal call used to run os.Exit(1) to exit the serv command, but when that was removed, the function continues normally after the fatal error, causing a panic.
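
The failure pattern described in this report, as an added example that is not part of the original issue and is not Gitea's code: a "fatal" logger that no longer exits lets the caller fall through to a nil dereference, shown beside a version that returns explicitly. It goes one step further than the report with a recover boundary that keeps panic detail in the server log. The names `repo`, `repos`, `logFatal`, `serveBroken`, `serveFixed` and `guard` are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"os"
)

type repo struct{ path string } // hypothetical stand-in for a repository record
var repos = map[string]*repo{"aswild/test1": {path: "aswild/test1.git"}} // constructed data

// logFatal models a "fatal" logger that writes the message but no longer exits.
func logFatal(w io.Writer, name string) { fmt.Fprintf(w, "Gitea: Unauthorized\nCannot find repository %s\n", name) }

// serveBroken falls through after the fatal log, so r is nil when dereferenced.
func serveBroken(client io.Writer, name string) string {
	r := repos[name]
	if r == nil {
		logFatal(client, name)
	}
	return r.path
}

// serveFixed returns explicitly instead of relying on the logger to end the process.
func serveFixed(client io.Writer, name string) (string, error) {
	r := repos[name]
	if r == nil {
		logFatal(client, name)
		return "", fmt.Errorf("repository %q not found", name)
	}
	return r.path, nil
}

// guard keeps panic detail in the server log; the client gets one generic line.
func guard(client, serverLog io.Writer, f func()) (panicked bool) {
	defer func() {
		if v := recover(); v != nil {
			panicked = true
			fmt.Fprintf(serverLog, "serv panic: %v\n", v)
			fmt.Fprintln(client, "Gitea: Internal Server Error")
		}
	}()
	f()
	return false
}

func main() {
	_, err := serveFixed(os.Stderr, "aswild/invalid")
	fmt.Println(err, guard(os.Stderr, io.Discard, func() { serveBroken(io.Discard, "aswild/invalid") }))
}
```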
