diff options
| author | Junio C Hamano <gitster@pobox.com> | 2020-04-22 13:43:01 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2020-04-22 13:43:01 -0700 |
| commit | a397e9c236b0ff56eb15f32a2a41c852b1e5dd3b (patch) | |
| tree | f9f4f596a2e9a5647684c9d8086b05859dc7f614 | |
| parent | d6d561db1c0a14e8b89149694c0c662096c5fc9d (diff) | |
| parent | 4c5971e18a181c68aec03262fb467cb5d21a5b0d (diff) | |
| download | git-a397e9c236b0ff56eb15f32a2a41c852b1e5dd3b.tar.gz | |
Merge branch 'jk/credential-parsing-end-of-host-in-URL'
Parsing of URL for the credential helper has been corrected.
* jk/credential-parsing-end-of-host-in-URL:
credential: treat "?" and "#" in URLs as end of host
| -rw-r--r-- | credential.c | 9 | ||||
| -rwxr-xr-x | t/t0300-credentials.sh | 36 |
2 files changed, 43 insertions, 2 deletions
diff --git a/credential.c b/credential.c index 108d9e183a..064e25e5d5 100644 --- a/credential.c +++ b/credential.c @@ -399,7 +399,14 @@ int credential_from_url_gently(struct credential *c, const char *url, cp = proto_end + 3; at = strchr(cp, '@'); colon = strchr(cp, ':'); - slash = strchrnul(cp, '/'); + + /* + * A query or fragment marker before the slash ends the host portion. + * We'll just continue to call this "slash" for simplicity. Notably our + * "trim leading slashes" part won't skip over this part of the path, + * but that's what we'd want. + */ + slash = cp + strcspn(cp, "/?#"); if (!at || slash <= at) { /* Case (1) */ diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh index 5555a1524f..48484cbcf6 100755 --- a/t/t0300-credentials.sh +++ b/t/t0300-credentials.sh @@ -532,7 +532,7 @@ test_expect_success 'url parser rejects embedded newlines' ' url=https://one.example.com?%0ahost=two.example.com/ EOF cat >expect <<-\EOF && - warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/ + warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/ fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/ EOF test_i18ncmp expect stderr @@ -575,4 +575,38 @@ test_expect_success 'credential system refuses to work with missing protocol' ' test_i18ncmp expect stderr ' +# usage: check_host_and_path <url> <expected-host> <expected-path> +check_host_and_path () { + # we always parse the path component, but we need this to make sure it + # is passed to the helper + test_config credential.useHTTPPath true && + check fill "verbatim user pass" <<-EOF + url=$1 + -- + protocol=https + host=$2 + path=$3 + username=user + password=pass + -- + verbatim: get + verbatim: protocol=https + verbatim: host=$2 + verbatim: path=$3 + EOF +} + +test_expect_success 'url parser handles bare query marker' ' + check_host_and_path https://example.com?foo.git example.com ?foo.git +' + +test_expect_success 'url parser handles bare fragment marker' ' + check_host_and_path https://example.com#foo.git example.com "#foo.git" +' + +test_expect_success 'url parser not confused by encoded markers' ' + check_host_and_path https://example.com%23%3f%2f/foo.git \ + "example.com#?/" foo.git +' + test_done |