* Re: segfault in http.c when https URL is mistyped
2016-09-07 13:44 ` segfault in http.c when https URL is mistyped Lars Wendler
@ 2016-09-07 20:06 ` Jeff King
2016-09-07 20:11 ` Jeff King
0 siblings, 1 reply; 3+ messages in thread
From: Jeff King @ 2016-09-07 20:06 UTC (permalink / raw)
To: Lars Wendler; +Cc: Junio C Hamano, Knut Franke, git, Robin H. Johnson, lekto
On Wed, Sep 07, 2016 at 03:44:04PM +0200, Lars Wendler wrote:
> we at Gentoo got a bug report [1] about git-remote-https segfaulting
> when the URL has been mistyped.
> This seems to only be triggered when git was compiled with curl
> support:
>
> git clone https::/some.example-site.net/test.git
Thanks, this was easy to reproduce. It's a regression in v2.8.0. The fix
is below.
-- >8 --
Subject: [PATCH] remote-curl: handle URLs without protocol
Generally remote-curl would never see a URL that did not
have "proto:" at the beginning, as that is what tells git to
run the "git-remote-proto" helper (and git-remote-http, etc,
are aliases for git-remote-curl).
However, the special syntax "proto::something" will run
git-remote-proto with only "something" as the URL. So a
malformed URL like:
http::/example.com/repo.git
will feed the URL "/example.com/repo.git" to
git-remote-http. The resulting URL has no protocol, but the
code added by 372370f (http: use credential API to handle
proxy authentication, 2016-01-26) does not handle this case
and segfaults.
For the purposes of this code, we don't really care what the
exact protocol; only whether or not it is https. So let's
just assume that a missing protocol is not, and curl will
handle the real error (which is that the URL is nonsense).
Signed-off-by: Jeff King <peff@peff.net>
---
I looked around for other similar over-assumptions about the URL parsing
but didn't see any.
http.c | 2 +-
t/t5550-http-fetch-dumb.sh | 8 ++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/http.c b/http.c
index cd40b01..edce47c 100644
--- a/http.c
+++ b/http.c
@@ -723,7 +723,7 @@ static CURL *get_curl_handle(void)
* precedence here, as in CURL.
*/
if (!curl_http_proxy) {
- if (!strcmp(http_auth.protocol, "https")) {
+ if (http_auth.protocol && !strcmp(http_auth.protocol, "https")) {
var_override(&curl_http_proxy, getenv("HTTPS_PROXY"));
var_override(&curl_http_proxy, getenv("https_proxy"));
} else {
diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
index 3484b6f..01bb633 100755
--- a/t/t5550-http-fetch-dumb.sh
+++ b/t/t5550-http-fetch-dumb.sh
@@ -299,5 +299,13 @@ test_expect_success 'git client does not send an empty Accept-Language' '
! grep "^Accept-Language:" stderr
'
+test_expect_success 'remote-http complains cleanly about malformed urls' '
+ # do not actually issue "list" or other commands, as we do not
+ # want to rely on what curl would actually do with such a broken
+ # URL. This is just about making sure we do not segfault during
+ # initialization.
+ test_must_fail git remote-http http::/example.com/repo.git
+'
+
stop_httpd
test_done
--
2.10.0.rc2.154.gb4a4b8b
^ permalink raw reply related [flat|nested] 3+ messages in thread