Bail out early if the source array contains an entry with more than 8000 characters. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- aurweb/git/update.py | 3 +++ test/t1300-git-update.sh | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/aurweb/git/update.py b/aurweb/git/update.py index af2dfed..3b84eb5 100755 --- a/aurweb/git/update.py +++ b/aurweb/git/update.py @@ -337,6 +337,9 @@ def main(): for field in extract_arch_fields(pkginfo, 'source'): fname = field['value'] + if len(fname) > 8000: + die_commit('source entry too long: {:s}'.format(fname), + str(commit.id)) if "://" in fname or "lp:" in fname: continue if fname not in commit.tree: diff --git a/test/t1300-git-update.sh b/test/t1300-git-update.sh index abab7ea..a65ca3a 100755 --- a/test/t1300-git-update.sh +++ b/test/t1300-git-update.sh @@ -370,6 +370,22 @@ test_expect_success 'Missing source file.' ' grep -q "^error: missing source file: file$" actual ' +test_expect_success 'Pushing .SRCINFO with too long source URL.' ' + old=$(git -C aur.git rev-parse HEAD) && + url="http://$(printf "%7993s" x | sed "s/ /x/g")/" && + test_when_finished "git -C aur.git reset --hard $old" && + ( + cd aur.git && + sed "s#.*depends.*#\\0\\nsource = $url#" .SRCINFO >.SRCINFO.new + mv .SRCINFO.new .SRCINFO + git commit -q -am "Add huge source URL" + ) && + new=$(git -C aur.git rev-parse HEAD) && + AUR_USER=user AUR_PKGBASE=foobar AUR_PRIVILEGED=0 \ + test_must_fail "$GIT_UPDATE" refs/heads/master "$old" "$new" >actual 2>&1 && + grep -q "^error: source entry too long: $url\$" actual +' + test_expect_success 'Pushing a blacklisted package.' ' old=$(git -C aur.git rev-parse HEAD) && test_when_finished "git -C aur.git reset --hard $old" && -- 2.10.0