[mapserver-commits] [MapServer/MapServer] cd291c: msCGILoadMap(): do not load file pointed by CONTEX...
Even Rouault
noreply at github.com
Tue Jan 3 06:55:50 PST 2023
Branch: refs/heads/main
Home: https://github.com/MapServer/MapServer
Commit: cd291c79b11c2945d1cff6f16710256a0dc2bd9c
https://github.com/MapServer/MapServer/commit/cd291c79b11c2945d1cff6f16710256a0dc2bd9c
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2022-12-30 (Fri, 30 Dec 2022)
Changed paths:
M mapcontext.c
M mapows.h
M mapservutil.c
Log Message:
-----------
msCGILoadMap(): do not load file pointed by CONTEXT= unless it validates new MS_CONTEXT_PATTERN configuration option (and doesn't validate MS_CONTEXT_BAD_PATTERN) (fixes #6779)
Commit: 287347cd1bd803a2c4cbf59ecdb253b5f7bba759
https://github.com/MapServer/MapServer/commit/287347cd1bd803a2c4cbf59ecdb253b5f7bba759
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2022-12-30 (Fri, 30 Dec 2022)
Changed paths:
M msautotest/etc/mapserv.conf
A msautotest/wxs/expected/ows_context_caps.xml
A msautotest/wxs/ows_context.map
A msautotest/wxs/ows_context.xml
Log Message:
-----------
msautotest: add a test for CONTEXT= loading (refs #6779)
Commit: a4325bbf8f5676689395053acc764e43442fa9ab
https://github.com/MapServer/MapServer/commit/a4325bbf8f5676689395053acc764e43442fa9ab
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2022-12-30 (Fri, 30 Dec 2022)
Changed paths:
M mapcontext.c
Log Message:
-----------
msGetMapContextFileText(): add sanity check on file size (refs #6779)
Commit: 4d4ec60b4fb22874fadce7cae712ca841b6b2f53
https://github.com/MapServer/MapServer/commit/4d4ec60b4fb22874fadce7cae712ca841b6b2f53
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2022-12-30 (Fri, 30 Dec 2022)
Changed paths:
M .github/workflows/start.sh
M msautotest/etc/mapserv.conf
Log Message:
-----------
CI: check that we can't load a OWS context file if MS_CONTEXT_PATTERN is not defined (refs #6779)
Commit: 91d073f35c0a287ed0797aa1570ab2d3ecfc6156
https://github.com/MapServer/MapServer/commit/91d073f35c0a287ed0797aa1570ab2d3ecfc6156
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2022-12-30 (Fri, 30 Dec 2022)
Changed paths:
M mapcontext.c
Log Message:
-----------
msLoadMapContextGeneral(): fix memory leaks
Commit: ec06a2effd61309bf49fa25a96a9ce142fcb992a
https://github.com/MapServer/MapServer/commit/ec06a2effd61309bf49fa25a96a9ce142fcb992a
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2022-12-30 (Fri, 30 Dec 2022)
Changed paths:
M mapcontext.c
M mapserver.h
Log Message:
-----------
msLoadMapContext(): add validation of filename against MS_CONTEXTFILE_PATTERN, which defaults to .xml extension
Commit: 27d02c5b6c80b9671b59ba8b988b08a6708ec1c6
https://github.com/MapServer/MapServer/commit/27d02c5b6c80b9671b59ba8b988b08a6708ec1c6
Author: Even Rouault <even.rouault at spatialys.com>
Date: 2023-01-03 (Tue, 03 Jan 2023)
Changed paths:
M .github/workflows/start.sh
M mapcontext.c
M mapows.h
M mapserver.h
M mapservutil.c
M msautotest/etc/mapserv.conf
A msautotest/wxs/expected/ows_context_caps.xml
A msautotest/wxs/ows_context.map
A msautotest/wxs/ows_context.xml
Log Message:
-----------
Merge pull request #6780 from rouault/fix_6779
Fix information disclosure and denial of service related to CONTEXT= loading
Compare: https://github.com/MapServer/MapServer/compare/02eb9727f644...27d02c5b6c80
More information about the MapServer-commits
mailing list