[mapserver-commits] [MapServer/MapServer] dcc774: msCGILoadMap(): do not load file pointed by CONTEX...
Even Rouault
noreply at github.com
Tue Jan 3 12:09:59 PST 2023
Branch: refs/heads/branch-8-0
Home: https://github.com/MapServer/MapServer
Commit: dcc7749cd55b605b49365552620a98daaa0ca9bc
https://github.com/MapServer/MapServer/commit/dcc7749cd55b605b49365552620a98daaa0ca9bc
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M mapcontext.c
M mapows.h
M mapservutil.c
Log Message:
-----------
msCGILoadMap(): do not load file pointed by CONTEXT= unless it validates new MS_CONTEXT_PATTERN configuration option (and doesn't validate MS_CONTEXT_BAD_PATTERN) (fixes #6779)
Commit: a755ae811b9a26df042be247e9695c48462e07f7
https://github.com/MapServer/MapServer/commit/a755ae811b9a26df042be247e9695c48462e07f7
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M msautotest/etc/mapserv.conf
A msautotest/wxs/expected/ows_context_caps.xml
A msautotest/wxs/ows_context.map
A msautotest/wxs/ows_context.xml
Log Message:
-----------
msautotest: add a test for CONTEXT= loading (refs #6779)
Commit: b65b1dbec4603e55877fa5aff8c243956903afa2
https://github.com/MapServer/MapServer/commit/b65b1dbec4603e55877fa5aff8c243956903afa2
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M mapcontext.c
Log Message:
-----------
msGetMapContextFileText(): add sanity check on file size (refs #6779)
Commit: 036e8dd7cd5f9eaeda1242358d682ab04a16498a
https://github.com/MapServer/MapServer/commit/036e8dd7cd5f9eaeda1242358d682ab04a16498a
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M .github/workflows/start.sh
M msautotest/etc/mapserv.conf
Log Message:
-----------
CI: check that we can't load a OWS context file if MS_CONTEXT_PATTERN is not defined (refs #6779)
Commit: 98aa59e00a9008ced7089b5b5b9381fd6edcfb8b
https://github.com/MapServer/MapServer/commit/98aa59e00a9008ced7089b5b5b9381fd6edcfb8b
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M mapcontext.c
Log Message:
-----------
msLoadMapContextGeneral(): fix memory leaks
Commit: 9bac6407b5a83002a8cc4ca92bc7ee32e1fed90b
https://github.com/MapServer/MapServer/commit/9bac6407b5a83002a8cc4ca92bc7ee32e1fed90b
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M mapcontext.c
M mapserver.h
Log Message:
-----------
msLoadMapContext(): add validation of filename against MS_CONTEXTFILE_PATTERN, which defaults to .xml extension
Commit: a9dabaf5249800eba01999a56a2c379d0dc03c87
https://github.com/MapServer/MapServer/commit/a9dabaf5249800eba01999a56a2c379d0dc03c87
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M .github/workflows/start.sh
M mapcontext.c
M mapows.h
M mapserver.h
M mapservutil.c
M msautotest/etc/mapserv.conf
A msautotest/wxs/expected/ows_context_caps.xml
A msautotest/wxs/ows_context.map
A msautotest/wxs/ows_context.xml
Log Message:
-----------
Merge pull request #6782 from MapServer/backport-6780-to-branch-8-0
[Backport branch-8-0] Fix information disclosure and denial of service related to CONTEXT= loading
Compare: https://github.com/MapServer/MapServer/compare/38a41bd5b85f...a9dabaf52498
More information about the MapServer-commits
mailing list