Sync with 2.45.3
* maint-2.45: Git 2.45.3 Git 2.44.3 Git 2.43.6 Git 2.42.4 Git 2.41.3 Git 2.40.4 credential: disallow Carriage Returns in the protocol by default credential: sanitize the user prompt credential_format(): also encode <host>[:<port>] t7300: work around platform-specific behaviour with long paths on MinGW compat/regex: fix argument order to calloc(3) mingw: drop bogus (and unneeded) declaration of `_pgmptr` ci: remove 'Upload failed tests' directories' step from linux32 jobs
This commit is contained in:
Johannes Schindelin
51
credential.c
51
credential.c
@ -10,7 +10,7 @@
|
||||
#include "sigchain.h"
|
||||
#include "strbuf.h"
|
||||
#include "urlmatch.h"
|
||||
#include "git-compat-util.h"
|
||||
#include "environment.h"
|
||||
|
||||
void credential_init(struct credential *c)
|
||||
{
|
||||
@ -125,6 +125,10 @@ static int credential_config_callback(const char *var, const char *value,
|
||||
}
|
||||
else if (!strcmp(key, "usehttppath"))
|
||||
c->use_http_path = git_config_bool(var, value);
|
||||
else if (!strcmp(key, "sanitizeprompt"))
|
||||
c->sanitize_prompt = git_config_bool(var, value);
|
||||
else if (!strcmp(key, "protectprotocol"))
|
||||
c->protect_protocol = git_config_bool(var, value);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -222,7 +226,8 @@ static void credential_format(struct credential *c, struct strbuf *out)
|
||||
strbuf_addch(out, '@');
|
||||
}
|
||||
if (c->host)
|
||||
strbuf_addstr(out, c->host);
|
||||
strbuf_add_percentencode(out, c->host,
|
||||
STRBUF_ENCODE_HOST_AND_PORT);
|
||||
if (c->path) {
|
||||
strbuf_addch(out, '/');
|
||||
strbuf_add_percentencode(out, c->path, 0);
|
||||
@ -236,7 +241,10 @@ static char *credential_ask_one(const char *what, struct credential *c,
|
||||
struct strbuf prompt = STRBUF_INIT;
|
||||
char *r;
|
||||
|
||||
credential_describe(c, &desc);
|
||||
if (c->sanitize_prompt)
|
||||
credential_format(c, &desc);
|
||||
else
|
||||
credential_describe(c, &desc);
|
||||
if (desc.len)
|
||||
strbuf_addf(&prompt, "%s for '%s': ", what, desc.buf);
|
||||
else
|
||||
@ -355,7 +363,8 @@ int credential_read(struct credential *c, FILE *fp,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void credential_write_item(FILE *fp, const char *key, const char *value,
|
||||
static void credential_write_item(const struct credential *c,
|
||||
FILE *fp, const char *key, const char *value,
|
||||
int required)
|
||||
{
|
||||
if (!value && required)
|
||||
@ -364,6 +373,10 @@ static void credential_write_item(FILE *fp, const char *key, const char *value,
|
||||
return;
|
||||
if (strchr(value, '\n'))
|
||||
die("credential value for %s contains newline", key);
|
||||
if (c->protect_protocol && strchr(value, '\r'))
|
||||
die("credential value for %s contains carriage return\n"
|
||||
"If this is intended, set `credential.protectProtocol=false`",
|
||||
key);
|
||||
fprintf(fp, "%s=%s\n", key, value);
|
||||
}
|
||||
|
||||
@ -371,34 +384,34 @@ void credential_write(const struct credential *c, FILE *fp,
|
||||
enum credential_op_type op_type)
|
||||
{
|
||||
if (credential_has_capability(&c->capa_authtype, op_type))
|
||||
credential_write_item(fp, "capability[]", "authtype", 0);
|
||||
credential_write_item(c, fp, "capability[]", "authtype", 0);
|
||||
if (credential_has_capability(&c->capa_state, op_type))
|
||||
credential_write_item(fp, "capability[]", "state", 0);
|
||||
credential_write_item(c, fp, "capability[]", "state", 0);
|
||||
|
||||
if (credential_has_capability(&c->capa_authtype, op_type)) {
|
||||
credential_write_item(fp, "authtype", c->authtype, 0);
|
||||
credential_write_item(fp, "credential", c->credential, 0);
|
||||
credential_write_item(c, fp, "authtype", c->authtype, 0);
|
||||
credential_write_item(c, fp, "credential", c->credential, 0);
|
||||
if (c->ephemeral)
|
||||
credential_write_item(fp, "ephemeral", "1", 0);
|
||||
credential_write_item(c, fp, "ephemeral", "1", 0);
|
||||
}
|
||||
credential_write_item(fp, "protocol", c->protocol, 1);
|
||||
credential_write_item(fp, "host", c->host, 1);
|
||||
credential_write_item(fp, "path", c->path, 0);
|
||||
credential_write_item(fp, "username", c->username, 0);
|
||||
credential_write_item(fp, "password", c->password, 0);
|
||||
credential_write_item(fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
|
||||
credential_write_item(c, fp, "protocol", c->protocol, 1);
|
||||
credential_write_item(c, fp, "host", c->host, 1);
|
||||
credential_write_item(c, fp, "path", c->path, 0);
|
||||
credential_write_item(c, fp, "username", c->username, 0);
|
||||
credential_write_item(c, fp, "password", c->password, 0);
|
||||
credential_write_item(c, fp, "oauth_refresh_token", c->oauth_refresh_token, 0);
|
||||
if (c->password_expiry_utc != TIME_MAX) {
|
||||
char *s = xstrfmt("%"PRItime, c->password_expiry_utc);
|
||||
credential_write_item(fp, "password_expiry_utc", s, 0);
|
||||
credential_write_item(c, fp, "password_expiry_utc", s, 0);
|
||||
free(s);
|
||||
}
|
||||
for (size_t i = 0; i < c->wwwauth_headers.nr; i++)
|
||||
credential_write_item(fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
|
||||
credential_write_item(c, fp, "wwwauth[]", c->wwwauth_headers.v[i], 0);
|
||||
if (credential_has_capability(&c->capa_state, op_type)) {
|
||||
if (c->multistage)
|
||||
credential_write_item(fp, "continue", "1", 0);
|
||||
credential_write_item(c, fp, "continue", "1", 0);
|
||||
for (size_t i = 0; i < c->state_headers_to_send.nr; i++)
|
||||
credential_write_item(fp, "state[]", c->state_headers_to_send.v[i], 0);
|
||||
credential_write_item(c, fp, "state[]", c->state_headers_to_send.v[i], 0);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user