authorCarlos Martín Nieto <cmn@dwim.me>2015-03-03 17:23:01 +0100
committerCarlos Martín Nieto <cmn@dwim.me>2015-03-03 18:07:16 +0100
commite892b6a92772742e2f30f855e36762b679383fb0 (patch)
treea6921ba5dd151c884171057568d4042abcfee070
parent76f034180aee96fcc1fffd5267ccbc6ada68482a (diff)
http: enforce the credential typescmn/http-enforce-cred
The user may decide to return any type of credential, including ones we did not say we support. Add a check to make sure the user returned an object of the right type and error out if not.
-rw-r--r--src/transports/http.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/transports/http.c b/src/transports/http.c
index 807e08044..0907afa6d 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -350,6 +350,11 @@ static int on_headers_complete(http_parser *parser)
} else {
assert(t->cred);
+ if (!(t->cred->credtype & allowed_auth_types)) {
+ giterr_set(GITERR_NET, "credentials callback returned an invalid cred type");
+ return t->parse_error = PARSE_ERROR_GENERIC;
+ }
+
/* Successfully acquired a credential. */
t->parse_error = PARSE_ERROR_REPLAY;
return 0;
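Review bot: The added check `if (!(t->cred->credtype & allowed_auth_types))` dereferences `t->cred` with only the preceding `assert(t->cred)` guarding it, so in a build with NDEBUG a callback that reports success without filling in a credential would reach a NULL dereference instead of this error path. Since the commit is about not trusting what the callback hands back, the NULL case deserves the same runtime handling, e.g. `if (!t->cred || !(t->cred->credtype & allowed_auth_types)) {`. The rejected object also appears to stay in `t->cred` after the error return; whether anything later can reuse it is not visible here, so it is worth confirming it is freed or cleared before another request is built. A short comment such as `/* the callback is user code: verify it returned one of the types we offered */` above the check would record why it exists. on_headers_complete starts and ends outside the hunk.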