1 files changed, 37 insertions, 0 deletions

diff --git a/development/cgit/patches/0012-ui-shared-don-t-print-path-crumbs-without-a-repo.patch b/development/cgit/patches/0012-ui-shared-don-t-print-path-crumbs-without-a-repo.patch
new file mode 100644
index 0000000000..99af79c4ba
--- /dev/null
+++ b/development/cgit/patches/0012-ui-shared-don-t-print-path-crumbs-without-a-repo.patch
@@ -0,0 +1,37 @@
+From 1b4ef6783a71962f8b5da3a23f2830f0f0f55ea0 Mon Sep 17 00:00:00 2001
+From: John Keeping <john@keeping.me.uk>
+Date: Sun, 19 Feb 2017 12:27:48 +0000
+Subject: [PATCH 12/15] ui-shared: don't print path crumbs without a repo
+
+cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo
+is non-null.  Currently we don't have any commands that set want_vpath
+without also setting want_repo so it shouldn't be possible to fail this
+test, but the check in cgit.c is in the wrong order so it is possible to
+specify a query string like "?p=log&path=foo/bar" to end up here without
+a valid repository.
+
+This was found by American fuzzy lop [0].
+
+[0] http://lcamtuf.coredump.cx/afl/
+
+Signed-off-by: John Keeping <john@keeping.me.uk>
+---
+ ui-shared.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ui-shared.c b/ui-shared.c
+index 2e4fcd9..e5c9a02 100644
+--- a/ui-shared.c
++++ b/ui-shared.c
+@@ -1039,7 +1039,7 @@ void cgit_print_pageheader(void)
+ 		free(currenturl);
+ 	}
+ 	html("</td></tr></table>\n");
+-	if (ctx.env.authenticated && ctx.qry.vpath) {
++	if (ctx.env.authenticated && ctx.repo && ctx.qry.vpath) {
+ 		html("<div class='path'>");
+ 		html("path: ");
+ 		cgit_print_path_crumbs(ctx.qry.vpath);
+-- 
+2.14.1
+