105 lines
3.6 KiB
Diff
105 lines
3.6 KiB
Diff
From e7fab62b736cca3416660636e46f0be8386a5030 Mon Sep 17 00:00:00 2001
|
|
From: Jonathan Nieder <jrnieder@gmail.com>
|
|
Date: Sat, 18 Apr 2020 20:54:57 -0700
|
|
Subject: [PATCH] credential: treat URL with empty scheme as invalid
|
|
|
|
Until "credential: refuse to operate when missing host or protocol",
|
|
Git's credential handling code interpreted URLs with empty scheme to
|
|
mean "give me credentials matching this host for any protocol".
|
|
|
|
Luckily libcurl does not recognize such URLs (it tries to look for a
|
|
protocol named "" and fails). Just in case that changes, let's reject
|
|
them within Git as well. This way, credential_from_url is guaranteed to
|
|
always produce a "struct credential" with protocol and host set.
|
|
|
|
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
|
|
---
|
|
credential.c | 5 ++---
|
|
t/t5550-http-fetch-dumb.sh | 9 +++++++++
|
|
t/t7416-submodule-dash-url.sh | 32 ++++++++++++++++++++++++++++++++
|
|
3 files changed, 43 insertions(+), 3 deletions(-)
|
|
|
|
--- a/credential.c
|
|
+++ b/credential.c
|
|
@@ -360,7 +360,7 @@ int credential_from_url_gently(struct cr
|
|
* (3) proto://<user>:<pass>@<host>/...
|
|
*/
|
|
proto_end = strstr(url, "://");
|
|
- if (!proto_end) {
|
|
+ if (!proto_end || proto_end == url) {
|
|
if (!quiet)
|
|
warning(_("url has no scheme: %s"), url);
|
|
return -1;
|
|
@@ -385,8 +385,7 @@ int credential_from_url_gently(struct cr
|
|
host = at + 1;
|
|
}
|
|
|
|
- if (proto_end - url > 0)
|
|
- c->protocol = xmemdupz(url, proto_end - url);
|
|
+ c->protocol = xmemdupz(url, proto_end - url);
|
|
c->host = url_decode_mem(host, slash - host);
|
|
/* Trim leading and trailing slashes from path */
|
|
while (*slash == '/')
|
|
--- a/t/t5550-http-fetch-dumb.sh
|
|
+++ b/t/t5550-http-fetch-dumb.sh
|
|
@@ -325,6 +325,15 @@ test_expect_success 'remote-http complai
|
|
test_i18ngrep "url has no scheme" stderr
|
|
'
|
|
|
|
+# NEEDSWORK: Writing commands to git-remote-curl can race against the latter
|
|
+# erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper has
|
|
+# learned to handle early remote helper failures more cleanly.
|
|
+test_expect_success 'remote-http complains cleanly about empty scheme' '
|
|
+ test_must_fail ok=sigpipe git ls-remote \
|
|
+ http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
|
|
+ test_i18ngrep "url has no scheme" stderr
|
|
+'
|
|
+
|
|
test_expect_success 'redirects can be forbidden/allowed' '
|
|
test_must_fail git -c http.followRedirects=false \
|
|
clone $HTTPD_URL/dumb-redir/repo.git dumb-redir &&
|
|
--- a/t/t7416-submodule-dash-url.sh
|
|
+++ b/t/t7416-submodule-dash-url.sh
|
|
@@ -92,6 +92,38 @@ test_expect_success 'fsck rejects relati
|
|
grep gitmodulesUrl err
|
|
'
|
|
|
|
+test_expect_success 'fsck rejects empty URL scheme' '
|
|
+ git checkout --orphan empty-scheme &&
|
|
+ cat >.gitmodules <<-\EOF &&
|
|
+ [submodule "foo"]
|
|
+ url = http::://one.example.com/foo.git
|
|
+ EOF
|
|
+ git add .gitmodules &&
|
|
+ test_tick &&
|
|
+ git commit -m "gitmodules with empty URL scheme" &&
|
|
+ test_when_finished "rm -rf dst" &&
|
|
+ git init --bare dst &&
|
|
+ git -C dst config transfer.fsckObjects true &&
|
|
+ test_must_fail git push dst HEAD 2>err &&
|
|
+ grep gitmodulesUrl err
|
|
+'
|
|
+
|
|
+test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
|
|
+ git checkout --orphan relative-empty-scheme &&
|
|
+ cat >.gitmodules <<-\EOF &&
|
|
+ [submodule "foo"]
|
|
+ url = ../../../:://one.example.com/foo.git
|
|
+ EOF
|
|
+ git add .gitmodules &&
|
|
+ test_tick &&
|
|
+ git commit -m "relative gitmodules URL resolving to empty scheme" &&
|
|
+ test_when_finished "rm -rf dst" &&
|
|
+ git init --bare dst &&
|
|
+ git -C dst config transfer.fsckObjects true &&
|
|
+ test_must_fail git push dst HEAD 2>err &&
|
|
+ grep gitmodulesUrl err
|
|
+'
|
|
+
|
|
test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
|
|
git checkout --orphan newscheme &&
|
|
cat >.gitmodules <<-\EOF &&
|
|
--
|
|
1.8.3.1
|
|
|