Merge branch '34259-project-denial-of-service-via-gitmodules-fix' into 'master'

Fixes project denial of service via gitmodules using Extended ASCII.

Closes #34259

See merge request gitlab-org/gitlab-ce!14301

app/helpers/submodule_helper.rb

@@ -87,10 +87,14 @@ module SubmoduleHelper
       namespace = @project.namespace.full_path
     end
 
-    [
+    begin
-      namespace_project_path(namespace, base),
+      [
-      namespace_project_tree_path(namespace, base, commit)
+        namespace_project_path(namespace, base),
-    ]
+        namespace_project_tree_path(namespace, base, commit)
+      ]
+    rescue ActionController::UrlGenerationError
+      [nil, nil]
+    end
   end
 
   def sanitize_submodule_url(url)

changelogs/unreleased/34259-project-denial-of-service-via-gitmodules-fix.yml

@@ -0,0 +1,5 @@
+---
+title: Fixes project denial of service via gitmodules using Extended ASCII.
+merge_request: 14301
+author:
+type: fixed

spec/helpers/submodule_helper_spec.rb

@@ -147,6 +147,12 @@ describe SubmoduleHelper do
         expect(helper.submodule_links(submodule_item)).to eq([nil, nil])
       end
 
+      it 'sanitizes invalid URL with extended ASCII' do
+        stub_url('é')
+
+        expect(helper.submodule_links(submodule_item)).to eq([nil, nil])
+      end
+
       it 'returns original' do
         stub_url('http://mygitserver.com/gitlab-org/gitlab-ce')
         expect(submodule_links(submodule_item)).to eq([repo.submodule_url_for, nil])