From: Brandon Casey <bcasey@nvidia.com>
To: <git@vger.kernel.org>
Cc: <gitster@pobox.com>, <peff@peff.net>, <daniel@haxx.se>,
Brandon Casey <drafnel@gmail.com>
Subject: [PATCH v2] http.c: don't rewrite the user:passwd string multiple times
Date: Tue, 18 Jun 2013 19:43:49 -0700 [thread overview]
Message-ID: <1371609829-31813-1-git-send-email-bcasey@nvidia.com> (raw)
In-Reply-To: <CA+sFfMcsOx14UdzLF_JsgkpUQU6yG7DE+00eA3d+Lo-qncDgew@mail.gmail.com>
From: Brandon Casey <drafnel@gmail.com>
Curl older than 7.17 (RHEL 4.X provides 7.12 and RHEL 5.X provides
7.15) requires that we manage any strings that we pass to it as
pointers. So, we really shouldn't be modifying this strbuf after we
have passed it to curl.
Our interaction with curl is currently safe (before or after this
patch) since the pointer that is passed to curl is never invalidated;
it is repeatedly rewritten with the same sequence of characters but
the strbuf functions never need to allocate a larger string, so the
same memory buffer is reused.
This "guarantee" of safety is somewhat subtle and could be overlooked
by someone who may want to add a more complex handling of the username
and password. So, let's stop modifying this strbuf after we have
passed it to curl, but also leave a note to describe the assumptions
that have been made about username/password lifetime and to draw
attention to the code.
Signed-off-by: Brandon Casey <drafnel@gmail.com>
---
http.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/http.c b/http.c
index 92aba59..2d086ae 100644
--- a/http.c
+++ b/http.c
@@ -228,9 +228,15 @@ static void init_curl_http_auth(CURL *result)
#else
{
static struct strbuf up = STRBUF_INIT;
- strbuf_reset(&up);
- strbuf_addf(&up, "%s:%s",
- http_auth.username, http_auth.password);
+ /*
+ * Note that we assume we only ever have a single set of
+ * credentials in a given program run, so we do not have
+ * to worry about updating this buffer, only setting its
+ * initial value.
+ */
+ if (!up.len)
+ strbuf_addf(&up, "%s:%s",
+ http_auth.username, http_auth.password);
curl_easy_setopt(result, CURLOPT_USERPWD, up.buf);
}
#endif
--
1.8.3.1.440.gc2bf105
next prev parent reply other threads:[~2013-06-19 2:44 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-18 2:00 [PATCH] http.c: don't rewrite the user:passwd string multiple times Brandon Casey
2013-06-18 4:15 ` Eric Sunshine
2013-06-18 5:19 ` Jeff King
2013-06-18 6:36 ` Daniel Stenberg
2013-06-18 15:32 ` Junio C Hamano
2013-06-18 19:29 ` Brandon Casey
2013-06-18 22:13 ` Jeff King
2013-06-19 2:41 ` Brandon Casey
2013-06-19 2:43 ` Brandon Casey [this message]
2013-06-19 5:26 ` [PATCH v2] " Jeff King
2013-06-19 7:40 ` [PATCH] " Daniel Stenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1371609829-31813-1-git-send-email-bcasey@nvidia.com \
--to=bcasey@nvidia.com \
--cc=daniel@haxx.se \
--cc=drafnel@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).