Closed
Description
Description
The function getPostgreSQLConnectionString in modules/setting/database.go parse the dbhost, and it works like:
host, port := parsePostgreSQLHostPort(dbHost)
if host[0] == '/' { // looks like a unix socket
...
but it just split host-string with :. If the provided host-string starts with :, the host will be "", and it will trigger an error like index out of range [0] with length 0
The poc is here:
package main
import "code.gitea.io/gitea/modules/setting"
func main() {
setting.Database.Type = "postgres"
setting.Database.Host = ":00000"
_, _ = setting.DBConnStr()
}And it crashed as :
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
code.gitea.io/gitea/modules/setting.getPostgreSQLConnectionString({0x744b0d, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x743130, 0x1}, ...)
/home/zjx/workspace/gowork/src/go-fdg-exmaples/gitea/modules/setting/database.go:158 +0x410
code.gitea.io/gitea/modules/setting.DBConnStr()
/home/zjx/workspace/gowork/src/go-fdg-exmaples/gitea/modules/setting/database.go:122 +0x5e9
main.main()
/home/zjx/workspace/gowork/src/go-fdg-exmaples/gitea/modules/setting/pocTest_getPostgreSQL/main.go:8 +0x8a
exit status 2Gitea Version
with git commit as ee769f7
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
I test the API in Gitea through go-fuzz
Database
No response