-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/serv panics on git ssh command to non-existent/unauthorized repo #7457
Comments
aswild
added a commit
to aswild/gitea
that referenced
this issue
Jul 13, 2019
Regression in 356854f, where a log.Fatal call was removed. log.Fatal calls os.Exit(1) as intended, but without it the fail() function returns normally and execution continues past the fatal error, causing a panic. This is visible as a go panic log and stack trace returned to the SSH client, which is not only ugly, it leaks server and build system information. Fix by removing the stray return statement so that the fail() function always calls os.Exit(1). Fixes: go-gitea#7457 Signed-off-by: Allen Wild <[email protected]>
aswild
added a commit
to aswild/gitea
that referenced
this issue
Jul 13, 2019
Regression in 356854f, where a log.Fatal call was removed. log.Fatal calls os.Exit(1) as intended, but without it the fail() function returns normally and execution continues past the fatal error, causing a panic. This is visible as a go panic log and stack trace returned to the SSH client, which is not only ugly, it leaks server and build system information. Fix by removing the stray return statement so that the fail() function always calls os.Exit(1). Fixes: go-gitea#7457 Signed-off-by: Allen Wild <[email protected]>
zeripath
pushed a commit
that referenced
this issue
Jul 13, 2019
Regression in 356854f, where a log.Fatal call was removed. log.Fatal calls os.Exit(1) as intended, but without it the fail() function returns normally and execution continues past the fatal error, causing a panic. This is visible as a go panic log and stack trace returned to the SSH client, which is not only ugly, it leaks server and build system information. Fix by removing the stray return statement so that the fail() function always calls os.Exit(1). Fixes: #7457 Signed-off-by: Allen Wild <[email protected]>
aswild
added a commit
to aswild/gitea
that referenced
this issue
Jul 14, 2019
Regression in 356854f, where a log.Fatal call was removed. log.Fatal calls os.Exit(1) as intended, but without it the fail() function returns normally and execution continues past the fatal error, causing a panic. This is visible as a go panic log and stack trace returned to the SSH client, which is not only ugly, it leaks server and build system information. Fix by removing the stray return statement so that the fail() function always calls os.Exit(1). Backport: 2186a99 Fixes: go-gitea#7457 Signed-off-by: Allen Wild <[email protected]>
lunny
pushed a commit
that referenced
this issue
Jul 14, 2019
Regression in 356854f, where a log.Fatal call was removed. log.Fatal calls os.Exit(1) as intended, but without it the fail() function returns normally and execution continues past the fatal error, causing a panic. This is visible as a go panic log and stack trace returned to the SSH client, which is not only ugly, it leaks server and build system information. Fix by removing the stray return statement so that the fail() function always calls os.Exit(1). Backport: 2186a99 Fixes: #7457 Signed-off-by: Allen Wild <[email protected]>
jeffliu27
pushed a commit
to jeffliu27/gitea
that referenced
this issue
Jul 18, 2019
Regression in 356854f, where a log.Fatal call was removed. log.Fatal calls os.Exit(1) as intended, but without it the fail() function returns normally and execution continues past the fatal error, causing a panic. This is visible as a go panic log and stack trace returned to the SSH client, which is not only ugly, it leaks server and build system information. Fix by removing the stray return statement so that the fail() function always calls os.Exit(1). Fixes: go-gitea#7457 Signed-off-by: Allen Wild <[email protected]>
aswild
added a commit
to aswild/gitea
that referenced
this issue
Jul 20, 2019
Regression in 356854f, where a log.Fatal call was removed. log.Fatal calls os.Exit(1) as intended, but without it the fail() function returns normally and execution continues past the fatal error, causing a panic. This is visible as a go panic log and stack trace returned to the SSH client, which is not only ugly, it leaks server and build system information. Fix by removing the stray return statement so that the fail() function always calls os.Exit(1). Fixes: go-gitea#7457 Signed-off-by: Allen Wild <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
The serv command panics when trying to run a git SSH command on a non-existent or unauthorized repo. A go panic and stack trace is returned to the client, leaking server and build system information.
This looks like a regression in 356854fc5. The
log.GitLogger.Fatal
call used runos.Exit(1)
to exit the serv command, but when that was removed, the function continues normally after the fatal error, causing a panic.The text was updated successfully, but these errors were encountered: