git/http.c, branch v2.4.11Mirror of https://git.kernel.org/pub/scm/git/git.git/
https://www.git.shady.money/git/atom?h=v2.4.112015-09-28T22:28:31ZSync with 2.3.102015-09-28T22:28:31ZJunio C Hamanogitster@pobox.com2015-09-28T22:28:26Zurn:sha1:6343e2f6f271cf344ea8e7384342502faecaf37chttp: limit redirection depth2015-09-25T22:32:28ZBlake Burkhartbburky@bburky.com2015-09-22T22:06:20Zurn:sha1:b258116462399b318c86165c61a5c7123043cfd4
By default, libcurl will follow circular http redirects
forever. Let's put a cap on this so that somebody who can
trigger an automated fetch of an arbitrary repository (e.g.,
for CI) cannot convince git to loop infinitely.
The value chosen is 20, which is the same default that
Firefox uses.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http: limit redirection to protocol-whitelist2015-09-25T22:30:39ZBlake Burkhartbburky@bburky.com2015-09-22T22:06:04Zurn:sha1:f4113cac0c88b4f36ee6f3abf3218034440a68e3
Previously, libcurl would follow redirection to any protocol
it was compiled for support with. This is desirable to allow
redirection from HTTP to HTTPS. However, it would even
successfully allow redirection from HTTP to SFTP, a protocol
that git does not otherwise support at all. Furthermore
git's new protocol-whitelisting could be bypassed by
following a redirect within the remote helper, as it was
only enforced at transport selection time.
This patch limits redirects within libcurl to HTTP, HTTPS,
FTP and FTPS. If there is a protocol-whitelist present, this
list is limited to those also allowed by the whitelist. As
redirection happens from within libcurl, it is impossible
for an HTTP redirect to a protocol implemented within
another remote helper.
When the curl version git was compiled with is too old to
support restrictions on protocol redirection, we warn the
user if GIT_ALLOW_PROTOCOL restrictions were requested. This
is a little inaccurate, as even without that variable in the
environment, we would still restrict SFTP, etc, and we do
not warn in that case. But anything else means we would
literally warn every time git accesses an http remote.
This commit includes a test, but it is not as robust as we
would hope. It redirects an http request to ftp, and checks
that curl complained about the protocol, which means that we
are relying on curl's specific error message to know what
happened. Ideally we would redirect to a working ftp server
and confirm that we can clone without protocol restrictions,
and not with them. But we do not have a portable way of
providing an ftp server, nor any other protocol that curl
supports (https is the closest, but we would have to deal
with certificates).
[jk: added test and version warning]
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http: always use any proxy auth method available2015-06-29T16:57:43ZEnrique TobisEnrique.Tobis@twosigma.com2015-06-26T18:19:04Zurn:sha1:5841520b034ab08f132f7d066a19163a9e3d4c07
We set CURLOPT_PROXYAUTH to use the most secure authentication
method available only when the user has set configuration variables
to specify a proxy. However, libcurl also supports specifying a
proxy through environment variables. In that case libcurl defaults
to only using the Basic proxy authentication method, because we do
not use CURLOPT_PROXYAUTH.
Set CURLOPT_PROXYAUTH to always use the most secure authentication
method available, even when there is no git configuration telling us
to use a proxy. This allows the user to use environment variables to
configure a proxy that requires an authentication method different
from Basic.
Signed-off-by: Enrique A. Tobis <etobis@twosigma.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
http: release the memory of a http pack request as well2015-03-24T19:36:10ZStefan Bellersbeller@google.com2015-03-21T00:28:06Zurn:sha1:826aed50cbb072d8f159e4c8ba0f9bd3df21a234
The cleanup function is used in 4 places now and it's always safe to
free up the memory as well.
Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'ye/http-accept-language'2015-03-06T23:02:25ZJunio C Hamanogitster@pobox.com2015-03-06T23:02:24Zurn:sha1:74c91d1f7a1e7848a3614c1c5031755bfa5e80e1
Compilation fix for a recent topic in 'master'.
* ye/http-accept-language:
gettext.c: move get_preferred_languages() from http.c
gettext.c: move get_preferred_languages() from http.c2015-02-26T22:09:20ZJeff Kingpeff@peff.net2015-02-26T03:04:16Zurn:sha1:93f7d9108a0edf808e1e3bbcdbe6078310c22f9e
Calling setlocale(LC_MESSAGES, ...) directly from http.c, without
including <locale.h>, was causing compilation warnings. Move the
helper function to gettext.c that already includes the header and
where locale-related issues are handled.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'tc/missing-http-proxyauth'2015-02-25T23:40:12ZJunio C Hamanogitster@pobox.com2015-02-25T23:40:12Zurn:sha1:90eea883fd86a272a32c7d5f363445776e0680e2
We did not check the curl library version before using
CURLOPT_PROXYAUTH feature that may not exist.
* tc/missing-http-proxyauth:
http: support curl < 7.10.7
Merge branch 'jk/dumb-http-idx-fetch-fix' into maint2015-02-25T06:10:37ZJunio C Hamanogitster@pobox.com2015-02-25T06:10:37Zurn:sha1:117c1b333da05e87a35ea73756518abe52407d84
A broken pack .idx file in the receiving repository prevented the
dumb http transport from fetching a good copy of it from the other
side.
* jk/dumb-http-idx-fetch-fix:
dumb-http: do not pass NULL path to parse_pack_index
Merge branch 'ye/http-accept-language'2015-02-18T19:44:57ZJunio C Hamanogitster@pobox.com2015-02-18T19:44:57Zurn:sha1:f18e3896f7e3fd8de060aa37d9e35387a3b9282b
Using environment variable LANGUAGE and friends on the client side,
HTTP-based transports now send Accept-Language when making requests.
* ye/http-accept-language:
http: add Accept-Language header if possible