From: Jonathan Nieder <jrnieder@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: "Jeff King" <peff@peff.net>,
"Carlo Marcelo Arenas Belón" <carenas@gmail.com>,
git@vger.kernel.org, dirk@ed4u.de, sunshine@sunshineco.com,
"Stefan Tauner" <stefan.tauner@gmx.at>
Subject: Re: [PATCH v3] git-credential-store: skip empty lines and comments from store
Date: Mon, 27 Apr 2020 22:25:10 -0700
Message-ID: <20200428052510.GA201501@google.com>
In-Reply-To: <xmqqv9lk7j7p.fsf@gitster.c.googlers.com>
Junio C Hamano wrote:
> -- >8 --
> Subject: credential-store: document the file format a bit more
>
> Reading a malformed credential URL line and silently ignoring it
> does not mean that we promise to tolerate and/or keep empty lines
> and "# commented" lines forever.
>
> Some people seem to take anything that is not explicitly forbidden
> as allowed, but the world does not work that way.
>
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> ---
> Documentation/git-credential-store.txt | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/Documentation/git-credential-store.txt b/Documentation/git-credential-store.txt
> index 693dd9d9d7..76b0798856 100644
> --- a/Documentation/git-credential-store.txt
> +++ b/Documentation/git-credential-store.txt
> @@ -94,6 +94,10 @@ stored on its own line as a URL like:
> https://user:pass@example.com
> ------------------------------
>
> +No other kinds of lines (e.g. empty lines or comment lines) are
> +allowed in the file, even though some may be silently ignored. Do
> +not view or edit the file with editors.
> +
> When Git needs authentication for a particular URL context,
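Review bot: the added sentence "Do not view or edit the file with editors." states a prohibition without its reason, and "view" does not change the file, so the sentence reads as a stronger claim than the hunk supports. The preceding sentence already says empty lines are not allowed; tie the two together so the reader knows what actually goes wrong, e.g. "Do not edit the file by hand: editors commonly append a trailing newline, which leaves an empty line that Git does not accept." Likewise "even though some may be silently ignored" should say that this is not behaviour to rely on, which is the point the commit message makes.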
I like this.
I do suspect this is easy to run into accidentally. In $DAYJOB (in
the context of [1]) there was a service that accidentally wrote a \n\n
at the end of a line that was used by git-credential-store. Once the
cause was tracked down, it was straightforward to fix, but I don't
like the idea that others in a similar position may end up tempted to
just not upgrade Git.
Independently, there is the thread we are replying to.
Independently, in Debian's bug tracking system, Stefan (cc-ed)
reports[2]:
| the vulnerability in CVE-2020-11008 is related to the handling
| of credential helpers in git. In Buster this has been fixed in
| 1:2.20.1-2+deb10u3. This broke my existing configuration where
| repositories have credential.helper=store set. This is
| documented in /usr/share/man/man1/git-credential-store.1.gz
| and other files from git, git-doc etc.
| I am unsure how to proceed... is this helper now unsupported?
(Stefan, do you have more details? Did you manually populate your
credential store? What error message do you get?)
I wonder if in addition to the above documentation change we may want
something guaranteed to catch all cases where people would have
experienced a regression, like
diff --git i/credential-store.c w/credential-store.c
index c010497cb21..294e7716815 100644
--- i/credential-store.c
+++ w/credential-store.c
@@ -24,8 +24,8 @@ static int parse_credential_file(const char *fn,
}
while (strbuf_getline_lf(&line, fh) != EOF) {
- credential_from_url(&entry, line.buf);
- if (entry.username && entry.password &&
+ if (!credential_from_url_gently(&entry, line.buf, 1) &&
+ entry.username && entry.password &&
credential_match(c, &entry)) {
found_credential = 1;
if (match_cb) {
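Review bot: the third argument of credential_from_url_gently() in the added line is the quiet flag, and passing 1 means a line that fails to parse is dropped with no diagnostic at all, which is at odds with the stated plan to "first warn and then error out". Pass 0, or better add an explicit failure branch, e.g. `if (credential_from_url_gently(&entry, line.buf, 1)) { warning(...); continue; }`, so the user who hit the regression learns which line of the store is bad instead of silently losing the match. Note that the library's own non-quiet warnings echo the offending URL, and a line in this file carries a cleartext password, so a credential-store-specific warning that reports the line number and not the line content is the safer choice.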
And then we can tighten the handling of unrecognized lines to first
warn and then error out, as a controlled change that doesn't lead
people to regret updating git.
Thoughts?
Thanks,
Jonathan
[1] https://cs.opensource.google/copybara/copybara/+/master:java/com/google/copybara/git/GitOptions.java;drc=bc79a0b1ffe18f79dea0b75ba3a24b641a50a9fc;l=46
[2] https://bugs.debian.org/958929
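As an added illustration for the failure mode discussed above (this is my own example, not code from git and not anything posted in this thread), here is a lenient reader for the store file: a trailing "\n\n", a "#" comment or a line that lost its scheme is skipped and reported with its line number instead of aborting the whole lookup, and well-formed lines still match on protocol, host and (when asked) username. The sample store contents, hostnames and passwords are constructed; matching on path (credential.useHttpPath) is deliberately left out.

```python
"""Lenient reader for the git-credential-store file format.

Added example for this thread, not code from git itself.  It shows how
a store with a stray empty line, a '#' comment or a scheme-less line
can be read without aborting: the well-formed lines are kept, the rest
are reported and skipped.  Matching follows the documented rule that
protocol and host must agree and, if the query names a user, the
username must agree as well (path matching is left out here).
"""
from urllib.parse import unquote, urlsplit


def parse_credential_line(line):
    """Parse one 'scheme://user:pass@host[:port]' line into a dict.

    Raises ValueError for what git's URL parser rejects: a line with no
    scheme, no host, or no user:password pair.  Username and password
    are percent-decoded, as the store writes them percent-encoded.
    """
    if "://" not in line:
        raise ValueError("no scheme")
    parts = urlsplit(line)
    if not parts.scheme or not parts.hostname:
        raise ValueError("no host")
    if parts.username is None or parts.password is None:
        raise ValueError("no username/password")
    # netloc is "user:pass@host[:port]"; host and port stay together
    # because the store matches them as one unit.
    host = parts.netloc.rsplit("@", 1)[1]
    return {
        "protocol": parts.scheme,
        "host": host,
        "username": unquote(parts.username),
        "password": unquote(parts.password),
    }


def is_valid_line(line):
    """True when parse_credential_line() would accept the line."""
    try:
        parse_credential_line(line)
    except ValueError:
        return False
    return True


def read_store(text):
    """Return (credentials, warnings) for the contents of a store file.

    Empty lines are skipped silently (a trailing "\\n\\n" produces one);
    anything else that fails to parse is skipped with a warning naming
    the line number only, never the line itself, since a bad line may
    still contain a cleartext password.
    """
    creds, warnings = [], []
    for lineno, raw in enumerate(text.split("\n"), start=1):
        line = raw.rstrip("\r")
        if not line:
            continue
        if line.startswith("#"):
            warnings.append("line %d: comment lines are not part of the format, ignored" % lineno)
            continue
        try:
            creds.append(parse_credential_line(line))
        except ValueError as err:
            warnings.append("line %d: malformed credential (%s), ignored" % (lineno, err))
    return creds, warnings


def lookup(creds, protocol, host, username=None):
    """First credential whose protocol/host (and username, if given) match."""
    for cred in creds:
        if cred["protocol"] != protocol or cred["host"] != host:
            continue
        if username is not None and cred["username"] != username:
            continue
        return cred
    return None


# Constructed sample: a store as left behind by a tool that wrote "\n\n"
# after the first entry, then hand-edited with a comment and a line that
# lost its scheme.  Hosts and passwords are made up for the example.
SAMPLE_STORE = (
    "https://alice:s3cret@example.com\n"
    "\n"
    "# added by hand\n"
    "bob:hunter2@git.example.org\n"
    "https://bob:hunter2@git.example.org:8443\n"
    "https://carol:p%40ss%3Aword@example.net\n"
)

if __name__ == "__main__":
    creds, warnings = read_store(SAMPLE_STORE)
    for w in warnings:
        print("warning:", w)
    hit = lookup(creds, "https", "git.example.org:8443", "bob")
    print("match:", hit["username"], hit["password"])
```

Running the module as a script prints two warnings (the comment on line 3 and the scheme-less line 4) and then the match for bob, which a version that dies on the first bad line would never reach.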
Thread overview (79+ messages):
2020-04-26 23:47 [PATCH] git-credential-store: skip empty lines and comments from store Carlo Marcelo Arenas Belón
2020-04-27 0:19 ` Eric Sunshine
2020-04-27 0:46 ` Carlo Marcelo Arenas Belón
2020-04-27 8:42 ` [PATCH v2] " Carlo Marcelo Arenas Belón
2020-04-27 11:52 ` Jeff King
2020-04-27 12:25 ` Carlo Marcelo Arenas Belón
2020-04-27 14:43 ` Eric Sunshine
2020-04-27 17:47 ` Junio C Hamano
2020-04-27 19:09 ` Jeff King
2020-04-27 12:59 ` [PATCH v3] " Carlo Marcelo Arenas Belón
2020-04-27 13:48 ` Philip Oakley
2020-04-28 1:49 ` Carlo Marcelo Arenas Belón
2020-04-29 10:09 ` Philip Oakley
2020-04-27 15:39 ` Dirk
2020-04-27 18:09 ` Junio C Hamano
2020-04-27 19:18 ` Jeff King
2020-04-27 20:43 ` Junio C Hamano
2020-04-27 21:10 ` Jeff King
2020-04-28 1:37 ` Carlo Marcelo Arenas Belón
2020-04-27 23:49 ` Carlo Marcelo Arenas Belón
2020-04-28 5:25 ` Jonathan Nieder [this message]
2020-04-28 5:41 ` Jeff King
2020-04-28 7:18 ` Carlo Marcelo Arenas Belón
2020-04-28 8:16 ` Jeff King
2020-04-28 11:25 ` Carlo Marcelo Arenas Belón
2020-04-28 10:58 ` Stefan Tauner
2020-04-28 16:03 ` Junio C Hamano
2020-04-28 21:14 ` Carlo Marcelo Arenas Belón
2020-04-28 21:17 ` Junio C Hamano
2020-04-28 10:48 ` [PATCH v4 0/4] credential-store: prevent fatal errors Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 1/4] credential-store: document the file format a bit more Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 2/4] git-credential-store: skip empty lines and comments from store Carlo Marcelo Arenas Belón
2020-04-28 16:09 ` Eric Sunshine
2020-04-28 16:42 ` Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 3/4] git-credential-store: fix (WIP) Carlo Marcelo Arenas Belón
2020-04-28 16:11 ` Eric Sunshine
2020-04-28 17:14 ` Carlo Marcelo Arenas Belón
2020-04-28 10:52 ` [PATCH v4 4/4] credential-store: make sure there is no regression with missing scheme Carlo Marcelo Arenas Belón
2020-04-28 16:06 ` [PATCH v4 1/4] credential-store: document the file format a bit more Eric Sunshine
2020-04-28 18:18 ` Junio C Hamano
2020-04-28 18:15 ` Junio C Hamano
2020-04-29 0:33 ` [PATCH v5] credential-store: warn instead of fatal for bogus lines from store Carlo Marcelo Arenas Belón
2020-04-29 4:36 ` Junio C Hamano
2020-04-29 7:31 ` Carlo Marcelo Arenas Belón
2020-04-29 16:46 ` Junio C Hamano
2020-04-29 20:35 ` [RFC PATCH v6 0/2] credential-store: prevent fatal errors Carlo Marcelo Arenas Belón
2020-04-29 20:35 ` [RFC PATCH v6 1/2] credential-store: warn instead of fatal for bogus lines from store Carlo Marcelo Arenas Belón
2020-04-29 21:05 ` Junio C Hamano
2020-04-29 21:17 ` Junio C Hamano
2020-04-29 20:35 ` [RFC PATCH v6 2/2] credential-store: warn for any incomplete credentials instead of using Carlo Marcelo Arenas Belón
2020-04-29 21:12 ` Junio C Hamano
2020-04-29 21:49 ` [RFC PATCH v6 2/2] credential-store: warn for any incomplete credentials instead of usingy Carlo Marcelo Arenas Belón
2020-04-29 22:04 ` Junio C Hamano
2020-04-29 23:23 ` [PATCH v6] credential-store: warn instead of fatal for bogus lines from store Carlo Marcelo Arenas Belón
2020-04-29 23:47 ` Junio C Hamano
2020-04-29 23:57 ` Junio C Hamano
2020-04-30 1:00 ` Carlo Marcelo Arenas Belón
2020-04-30 1:19 ` [PATCH v7] " Carlo Marcelo Arenas Belón
2020-04-30 9:29 ` [PATCH v8] " Carlo Marcelo Arenas Belón
2020-04-30 16:06 ` [PATCH v9] " Carlo Marcelo Arenas Belón
2020-04-30 20:21 ` Junio C Hamano
2020-04-30 21:14 ` Junio C Hamano
2020-05-01 0:30 ` Carlo Marcelo Arenas Belón
2020-05-01 1:40 ` Junio C Hamano
2020-05-01 2:24 ` Carlo Arenas
2020-05-01 5:27 ` Junio C Hamano
2020-05-01 13:57 ` Carlo Marcelo Arenas Belón
2020-05-01 18:59 ` Junio C Hamano
2020-05-01 3:21 ` [RFC PATCH v10] credential-store: warn/ignore for bogus lines from store file Carlo Marcelo Arenas Belón
2020-05-01 5:18 ` [RFC PATCH v10 2/1] credential-store: warn also for store and erase Carlo Marcelo Arenas Belón
2020-05-01 5:35 ` Junio C Hamano
2020-05-02 18:16 ` [PATCH v10] credential-store: ignore bogus lines from store file Carlo Marcelo Arenas Belón
2020-05-02 20:47 ` Junio C Hamano
2020-05-02 21:23 ` Carlo Marcelo Arenas Belón
2020-05-02 21:53 ` Carlo Marcelo Arenas Belón
2020-05-03 0:44 ` Junio C Hamano
2020-05-03 10:06 ` Jeff King
2020-05-02 21:05 ` Carlo Marcelo Arenas Belón
2020-05-02 22:34 ` [PATCH v11] " Carlo Marcelo Arenas Belón