Sync with 2.40.2
* maint-2.40: (39 commits) Git 2.40.2 Git 2.39.4 fsck: warn about symlink pointing inside a gitdir core.hooksPath: add some protection while cloning init.templateDir: consider this config setting protected clone: prevent hooks from running during a clone Add a helper function to compare file contents init: refactor the template directory discovery into its own function find_hook(): refactor the `STRIP_EXTENSION` logic clone: when symbolic links collide with directories, keep the latter entry: report more colliding paths t5510: verify that D/F confusion cannot lead to an RCE submodule: require the submodule path to contain directories only clone_submodule: avoid using `access()` on directories submodules: submodule paths must not contain symlinks clone: prevent clashing git dirs when cloning submodule in parallel t7423: add tests for symlinked submodule directories has_dir_name(): do not get confused by characters < '/' docs: document security issues around untrusted .git dirs upload-pack: disable lazy-fetching by default ...
38
http.c
38
http.c
@ -736,18 +736,43 @@ static int redact_sensitive_header(struct strbuf *header, size_t offset)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int match_curl_h2_trace(const char *line, const char **out)
|
||||
{
|
||||
const char *p;
|
||||
|
||||
/*
|
||||
* curl prior to 8.1.0 gives us:
|
||||
*
|
||||
* h2h3 [<header-name>: <header-val>]
|
||||
*
|
||||
* Starting in 8.1.0, the first token became just "h2".
|
||||
*/
|
||||
if (skip_iprefix(line, "h2h3 [", out) ||
|
||||
skip_iprefix(line, "h2 [", out))
|
||||
return 1;
|
||||
|
||||
/*
|
||||
* curl 8.3.0 uses:
|
||||
* [HTTP/2] [<stream-id>] [<header-name>: <header-val>]
|
||||
* where <stream-id> is numeric.
|
||||
*/
|
||||
if (skip_iprefix(line, "[HTTP/2] [", &p)) {
|
||||
while (isdigit(*p))
|
||||
p++;
|
||||
if (skip_prefix(p, "] [", out))
|
||||
return 1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Redact headers in info */
|
||||
static void redact_sensitive_info_header(struct strbuf *header)
|
||||
{
|
||||
const char *sensitive_header;
|
||||
|
||||
/*
|
||||
* curl's h2h3 prints headers in info, e.g.:
|
||||
* h2h3 [<header-name>: <header-val>]
|
||||
*/
|
||||
if (trace_curl_redact &&
|
||||
(skip_iprefix(header->buf, "h2h3 [", &sensitive_header) ||
|
||||
skip_iprefix(header->buf, "h2 [", &sensitive_header))) {
|
||||
match_curl_h2_trace(header->buf, &sensitive_header)) {
|
||||
if (redact_sensitive_header(header, sensitive_header - header->buf)) {
|
||||
/* redaction ate our closing bracket */
|
||||
strbuf_addch(header, ']');
|
||||
@ -1425,6 +1450,7 @@ struct active_request_slot *get_active_slot(void)
|
||||
curl_easy_setopt(slot->curl, CURLOPT_READFUNCTION, NULL);
|
||||
curl_easy_setopt(slot->curl, CURLOPT_WRITEFUNCTION, NULL);
|
||||
curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDS, NULL);
|
||||
curl_easy_setopt(slot->curl, CURLOPT_POSTFIELDSIZE, -1L);
|
||||
curl_easy_setopt(slot->curl, CURLOPT_UPLOAD, 0);
|
||||
curl_easy_setopt(slot->curl, CURLOPT_HTTPGET, 1);
|
||||
curl_easy_setopt(slot->curl, CURLOPT_FAILONERROR, 1);
|
||||
|
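Review bot: match_curl_h2_trace() fails open, and nothing in the new code says so: when a trace line matches none of the three hard-coded curl prefixes it returns 0, and redact_sensitive_info_header() then leaves the header value in the trace unredacted. The comments already record two format changes across curl releases, so I would add above the function something like `/* Redaction depends on curl's info-line format; an unrecognized prefix means the header is logged as-is, so re-verify on curl upgrades. */` and make sure a test checks that no credential reaches the trace over HTTP/2 (one may exist outside this section). Separately, `isdigit(*p)` is given a plain `char`; unless the project's own ctype wrapper is in effect here, it should read `isdigit((unsigned char)*p)`. The body of redact_sensitive_info_header() continues past the end of the hunk.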