fix another possible crlf injection, see issue #320

2025-11-12 16:35:45 +01:00 · 2013-01-28 13:20:22 +01:00
parent 500a082a3f
commit e8e288ccf0
3 changed files with 39 additions and 2 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/RepositoryResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/RepositoryResource.java
@@ -793,6 +793,12 @@ public class RepositoryResource

      output = new BrowserStreamingOutput(service, builder, path);

+     /**
+      * protection for crlf injection
+      * see https://bitbucket.org/sdorra/scm-manager/issue/320/crlf-injection-vulnerability-in-diff-api
+      */
+      path = HttpUtil.removeCRLFInjectionChars(path);
+      
      String contentDispositionName = getContentDispositionNameFromPath(path);

      response = Response.ok(output).header("Content-Disposition",
@@ -849,7 +855,7 @@ public class RepositoryResource
    AssertUtil.assertIsNotEmpty(revision);

    /**
-     * HttpUtil.checkForCRLFInjection(revision);
+     * check for a crlf injection attack
     * see https://bitbucket.org/sdorra/scm-manager/issue/320/crlf-injection-vulnerability-in-diff-api
     */
    HttpUtil.checkForCRLFInjection(revision);