From 7bad76b8137ba3c89d23155d2906c84431a6093d Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Tue, 6 Oct 2020 19:39:48 -0700
Subject: [PATCH] git-daemon-verify: validate supplied "host=" hostname

By default require a "host=" extra parameter to be sent by git-daemon
clients (Git has done so since v1.4.0, 2006-06-10) that matches the
hostname configured into $Girocco::Config::gitpullurl or is a variant
of localhost.

Various options are available in Girocco/Config.pm to alter this
default behavior.

If $Girocco::Config::gitpullurl has not been set then no "host="
extended arg will be required or matched by default.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
---
 bin/git-daemon-verify | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/bin/git-daemon-verify b/bin/git-daemon-verify
index bae5ac7..06ecbb7 100755
--- a/bin/git-daemon-verify
+++ b/bin/git-daemon-verify
@@ -106,6 +106,15 @@ if [ "${hnam+set}" = "set" ]; then
 	[ "${pnum+set}" != "set" ] || hostport="$hostport:$pnum"
 fi
 
+# Validate the host name if requested
+if [ -z "$cfg_git_daemon_any_host" ] && [ -n "$cfg_git_daemon_host_list" ]; then
+	case " $cfg_git_daemon_host_list " in *" $hnam "*);;*)
+		logmsg "denied ${request#git-}${hostport+ host=$hostport}"
+		denied
+		exit 1
+	esac
+fi
+
 # The request should look like one of the following
 #
 #   git-upload-pack /dir
-- 
2.11.4.GIT