From d63ed6ef241b2e7f124089e2672cfce8251ed390 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Wed, 7 Sep 2016 16:06:42 -0400 Subject: [PATCH] remote-curl: handle URLs without protocol Generally remote-curl would never see a URL that did not have "proto:" at the beginning, as that is what tells git to run the "git-remote-proto" helper (and git-remote-http, etc, are aliases for git-remote-curl). However, the special syntax "proto::something" will run git-remote-proto with only "something" as the URL. So a malformed URL like: http::/example.com/repo.git will feed the URL "/example.com/repo.git" to git-remote-http. The resulting URL has no protocol, but the code added by 372370f (http: use credential API to handle proxy authentication, 2016-01-26) does not handle this case and segfaults. For the purposes of this code, we don't really care what the exact protocol; only whether or not it is https. So let's just assume that a missing protocol is not, and curl will handle the real error (which is that the URL is nonsense). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- http.c | 2 +- t/t5550-http-fetch-dumb.sh | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/http.c b/http.c index 1044f9ba0e..057f250b9c 100644 --- a/http.c +++ b/http.c @@ -590,7 +590,7 @@ static CURL *get_curl_handle(void) * precedence here, as in CURL. */ if (!curl_http_proxy) { - if (!strcmp(http_auth.protocol, "https")) { + if (http_auth.protocol && !strcmp(http_auth.protocol, "https")) { var_override(&curl_http_proxy, getenv("HTTPS_PROXY")); var_override(&curl_http_proxy, getenv("https_proxy")); } else { diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh index 64146352ae..9249140f99 100755 --- a/t/t5550-http-fetch-dumb.sh +++ b/t/t5550-http-fetch-dumb.sh @@ -250,5 +250,13 @@ test_expect_success 'git client does not send an empty Accept-Language' ' ! grep "^Accept-Language:" stderr ' +test_expect_success 'remote-http complains cleanly about malformed urls' ' + # do not actually issue "list" or other commands, as we do not + # want to rely on what curl would actually do with such a broken + # URL. This is just about making sure we do not segfault during + # initialization. + test_must_fail git remote-http http::/example.com/repo.git +' + stop_httpd test_done -- 2.40.0