From: Piotr Szlazak <piotr.szlazak@gmail.com>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org,
"brian m. carlson" <sandals@crustytoothpaste.net>,
Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH/RFC] http.c: cookie file tightening
Date: Wed, 10 Jul 2024 12:35:02 +0200 [thread overview]
Message-ID: <2d76e43e-db79-4572-8f41-60fbbea10af6@gmail.com> (raw)
In-Reply-To: <20240709234941.GA1525171@coredump.intra.peff.net>
On 10.07.2024 01:49, Jeff King wrote:
> On Tue, Jul 09, 2024 at 04:03:48PM -0700, Junio C Hamano wrote:
>
>> The manual pages https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html
>> and https://curl.se/libcurl/c/CURLOPT_COOKIEJAR.html talk about two
>> interesting special values.
>>
>> * "" (an empty string) given to CURLOPT_COOKIEFILE means not to
>> read cookies from any file upon startup.
>>
>> * It is not specified what "" (an empty string) given to
>> CURLOPT_COOKIEJAR does; presumably open a file whose name is an
>> empty string and write cookies to it? In any case, that is not
>> what we want to see happen, ever.
>>
>> * "-" (a dash) given to CURLOPT_COOKIEFILE makes cURL read cookies
>> from the standard input, and given to CURLOPT_COOKIEJAR makes
>> cURL write cookies to the standard output. Neither of which we
>> want ever to happen.
>>
>> So, let's make sure we avoid these nonsense cases. Specifically,
>> when http.cookies is set to "-", ignore it with a warning, and when
>> it is set to "" and http.savecookies is set, ignore http.savecookies
>> with a warning.
>>
>> [...]
>>
>> * I have no confidence in me doing http correctly, so I am asking
>> from folks who have touched http.c in the past 6 months for help.
> I don't have any experience with any of the cookie options, but your
> explanation here all makes sense. It might be worth including a test,
> though the interesting part is probably how things broke _before_ this
> patch. After it, it's pretty obvious what should happen.
>
> So I'll try to comment from the general http.c perspective.
Hello!
I'm able to perform some checks as I have Git repository behind HAProxy
load balancer which sets HTTP cookie to record which backend should
process consecutive requests.
Indeed, if http.cookieFile='-' is used, git stops and waits for input.
It does *not* work even if I do:
$ echo '/path/to/file' | git -c http.cookieFile='-' ...
On the other hand there is no problem if http.cookieFile='' and
http.saveCookies=true is used together. Git operation is successful. But
if GIT_TRACE_CURL=1 GIT_TRACE_CURL_NO_DATA=1 is enabled, I can see
following warning it the output:
> 12:19:56.280263 http.c:820 == Info: WARNING: failed to save cookies in
It comes from:
https://github.com/curl/curl/blob/master/lib/cookie.c#L1758
But cookies were accepted by the client and sent back to the server.
PS. I'm using Git 2.42.0.
Regards!
--
Piotr Szlazak
>
>> diff --git c/http.c w/http.c
>> index 13fa94bef3..86ccca49f0 100644
>> --- c/http.c
>> +++ w/http.c
>> @@ -1466,7 +1466,16 @@ struct active_request_slot *get_active_slot(void)
>> slot->finished = NULL;
>> slot->callback_data = NULL;
>> slot->callback_func = NULL;
>> +
>> + if (curl_cookie_file && !strcmp(curl_cookie_file, "-")) {
>> + warning(_("refusing to read cookies from http.cookiefile '-'"));
>> + FREE_AND_NULL(curl_cookie_file);
>> + }
>> curl_easy_setopt(slot->curl, CURLOPT_COOKIEFILE, curl_cookie_file);
>> + if (curl_save_cookies && (!curl_cookie_file || !curl_cookie_file[0])) {
>> + curl_save_cookies = 0;
>> + warning(_("ignoring http.savecookies for empty http.cookiefile"));
>> + }
>> if (curl_save_cookies)
>> curl_easy_setopt(slot->curl, CURLOPT_COOKIEJAR, curl_cookie_file);
> This all looks OK to me. A few things I wondered while reading:
>
> - is curl_cookie_file always an allocated string? The answer is yes,
> because it comes from git_config_pathname(). Good.
>
> - get_active_slot() will be called a lot of times, as we reuse the
> curl handles over and over (the "slot" terminology is due to the
> parallelism for dumb-http fetch; smart-http just reuses the one
> handle each time). So is this the best place to put the check?
>
> You actually unset the options when issuing the warning, so we'd
> never see the warning multiple times, even if this code is run
> repeatedly. Good.
>
> I do suspect these curl_easy_setopt() calls for cookies could just
> go into get_curl_handle(), which sets up the handle initially. But
> it's possible there's some subtle reason why they're here, and
> certainly moving them is orthogonal to your goal. And in the
> meantime, putting your new checks alongside the use of the variables
> makes sense.
>
> -Peff
next prev parent reply other threads:[~2024-07-10 10:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-09 23:03 [PATCH/RFC] http.c: cookie file tightening Junio C Hamano
2024-07-09 23:49 ` Jeff King
2024-07-10 10:35 ` Piotr Szlazak [this message]
2024-07-10 16:33 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2d76e43e-db79-4572-8f41-60fbbea10af6@gmail.com \
--to=piotr.szlazak@gmail.com \
--cc=20240709234941.GA1525171@coredump.intra.peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).