Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string

[Jeff King <peff@peff.net>]

On Mon, Aug 26, 2013 at 08:56:23PM -0700, Junio C Hamano wrote:

> Antoine Pelisse <apelisse@gmail.com> writes:
> 
> > I've tried to use the netrc credential with git-send-email
> > (v1.8.4-rc2), and I've had the following log (running with -d -v):
> 
> Peff what do you think?  From credential layer's point of view, I
> think we make it totally up to the helper to decide if a request
> matches what it supports, and if a particular helper wants to make
> sure it is asked for a specific protocol, that is an OK thing to do,
> but it feels unnecessarily unfriendly and treating missing proto
> specification as a wildcard to talk to the specified host over any
> protocol may not hurt, I would think.

Right. It is up to the credential helper to map git's request into
whatever storage it has. So I think the right answer is whatever is
normal and expected for netrc.

Unfortunately that is not really a standardized format. The original
netrc was ftp-only, and did not have a port or protocol field at all.
Programs like curl extend it automatically to http, and just googling
around seems to show other programs using it for imap and smtp. So I
think there is some precedence in simply treating a missing "port" field
as "match any port/protocol" on the machine.

The upside is that it is convenient for the user. The downside is that
we might accidentally send a password to a service that the user does
not expect, which could compromise security. It would at least be on the
matching host, but the protocol might not be as secure as the one the
user intended (e.g., smtp without starttls, when the password was meant
to only go over imap-over-ssl).

So I'm on the fence. It is very unlikely to be a bad thing, but if it
is, it may expose user passwords in cleartext. If we are going to keep
the current behavior, it probably needs to be documented, and certainly:

> > Use of uninitialized value $_[2] in printf at
> > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc
> > line 419.
> > compare protocol [] to [smtp] (entry: password=secret,
> > username=apelisse@gmail.com, host=smtp.gmail.com:587)
> > Use of uninitialized value in string eq at
> > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc
> > line 378.

...these should more cleanly handle the missing field.

-Peff