[mapserver-commits] [MapServer/MapServer] 1ab19e: msCGILoadMap(): do not load file pointed by CONTEX...

Even Rouault noreply at github.com
Thu Jan 5 09:21:28 PST 2023 

  Branch: refs/heads/branch-7-6
  Home:   https://github.com/MapServer/MapServer
  Commit: 1ab19e72b05aa768d81159c086655660c14830e2
      https://github.com/MapServer/MapServer/commit/1ab19e72b05aa768d81159c086655660c14830e2
  Author: Even Rouault <even.rouault at spatialys.com>
  Date:   2023-01-03 (Tue, 03 Jan 2023)

  Changed paths:
    M mapcontext.c
    M mapows.h
    M mapservutil.c

  Log Message:
  -----------
  msCGILoadMap(): do not load file pointed by CONTEXT= unless it validates new MS_CONTEXT_PATTERN configuration option (and doesn't validate MS_CONTEXT_BAD_PATTERN) (fixes #6779)


  Commit: 1c2b6f8ac9f5a30ed5307c466d19c7b3c682284b
      https://github.com/MapServer/MapServer/commit/1c2b6f8ac9f5a30ed5307c466d19c7b3c682284b
  Author: Even Rouault <even.rouault at spatialys.com>
  Date:   2023-01-03 (Tue, 03 Jan 2023)

  Changed paths:
    A msautotest/wxs/expected/ows_context_caps.xml
    A msautotest/wxs/ows_context.map
    A msautotest/wxs/ows_context.xml

  Log Message:
  -----------
  msautotest: add a test for CONTEXT= loading (refs #6779)


  Commit: 7589699509251dc0cf880daaff144c7967d3b562
      https://github.com/MapServer/MapServer/commit/7589699509251dc0cf880daaff144c7967d3b562
  Author: Even Rouault <even.rouault at spatialys.com>
  Date:   2023-01-03 (Tue, 03 Jan 2023)

  Changed paths:
    M mapcontext.c

  Log Message:
  -----------
  msGetMapContextFileText(): add sanity check on file size (refs #6779)


  Commit: ffb4c723bebf3cede4f0f59f9fdab5cf79f2ac74
      https://github.com/MapServer/MapServer/commit/ffb4c723bebf3cede4f0f59f9fdab5cf79f2ac74
  Author: Even Rouault <even.rouault at spatialys.com>
  Date:   2023-01-03 (Tue, 03 Jan 2023)

  Changed paths:
    M mapcontext.c

  Log Message:
  -----------
  msLoadMapContextGeneral(): fix memory leaks


  Commit: f49a01db3e11b33df705e9139058574b43e833b4
      https://github.com/MapServer/MapServer/commit/f49a01db3e11b33df705e9139058574b43e833b4
  Author: Even Rouault <even.rouault at spatialys.com>
  Date:   2023-01-03 (Tue, 03 Jan 2023)

  Changed paths:
    M mapcontext.c
    M mapserver.h

  Log Message:
  -----------
  msLoadMapContext(): add validation of filename against MS_CONTEXTFILE_PATTERN, which defaults to .xml extension


  Commit: d1c4fa6feafe0d5b7e8950eea0f91967187a08c3
      https://github.com/MapServer/MapServer/commit/d1c4fa6feafe0d5b7e8950eea0f91967187a08c3
  Author: Even Rouault <even.rouault at spatialys.com>
  Date:   2023-01-05 (Thu, 05 Jan 2023)

  Changed paths:
    M mapcontext.c
    M mapows.h
    M mapserver.h
    M mapservutil.c
    A msautotest/wxs/expected/ows_context_caps.xml
    A msautotest/wxs/ows_context.map
    A msautotest/wxs/ows_context.xml

  Log Message:
  -----------
  Merge pull request #6783 from rouault/backport-6780-to-branch-7-6

  [Backport branch-7-6] Fix information disclosure and denial of service related to CONTEXT= loading


Compare: https://github.com/MapServer/MapServer/compare/f6cc8a31075e...d1c4fa6feafe

More information about the MapServer-commits mailing list