From e7fab62b736cca3416660636e46f0be8386a5030 Mon Sep 17 00:00:00 2001 From: Jonathan Nieder Date: Sat, 18 Apr 2020 20:54:57 -0700 Subject: credential: treat URL with empty scheme as invalid Until "credential: refuse to operate when missing host or protocol", Git's credential handling code interpreted URLs with empty scheme to mean "give me credentials matching this host for any protocol". Luckily libcurl does not recognize such URLs (it tries to look for a protocol named "" and fails). Just in case that changes, let's reject them within Git as well. This way, credential_from_url is guaranteed to always produce a "struct credential" with protocol and host set. Signed-off-by: Jonathan Nieder --- credential.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'credential.c') diff --git a/credential.c b/credential.c index aedb64574d..64a841eddc 100644 --- a/credential.c +++ b/credential.c @@ -357,7 +357,7 @@ int credential_from_url_gently(struct credential *c, const char *url, * (3) proto://:@/... */ proto_end = strstr(url, "://"); - if (!proto_end) { + if (!proto_end || proto_end == url) { if (!quiet) warning(_("url has no scheme: %s"), url); return -1; @@ -382,8 +382,7 @@ int credential_from_url_gently(struct credential *c, const char *url, host = at + 1; } - if (proto_end - url > 0) - c->protocol = xmemdupz(url, proto_end - url); + c->protocol = xmemdupz(url, proto_end - url); c->host = url_decode_mem(host, slash - host); /* Trim leading and trailing slashes from path */ while (*slash == '/') -- cgit v1.2.3