proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-29 18:38:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Prevent HTTPS to HTTP redirect

Browse Source
This commit is contained in:
Russell Belfer 2013-09-24 14:50:06 -07:00
parent eb0ff13071
commit 46fbc88ee5
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/transports/http.c
View File

@ -287,6 +287,11 @@ static int set_connection_data_from_url(
if (!git__prefixcmp(url, prefix_http)) { if (!git__prefixcmp(url, prefix_http)) {
url = url + strlen(prefix_http); url = url + strlen(prefix_http);
default_port = "80"; default_port = "80";
if (t->use_ssl) {
giterr_set(GITERR_NET, "Redirect from HTTPS to HTTP not allowed");
return -1;
}
} }
if (!git__prefixcmp(url, prefix_https)) { if (!git__prefixcmp(url, prefix_https)) {
@ -324,7 +329,7 @@ static int set_connection_data_from_url(
/* Allow '/'-led urls, or a change of protocol */ /* Allow '/'-led urls, or a change of protocol */
if (original_host != NULL) { if (original_host != NULL) {
if (strcmp(original_host, t->host) && t->location[0] != '/') { if (strcmp(original_host, t->host) && t->location[0] != '/') {
giterr_set(GITERR_NET, "Only same-host redirects are supported"); giterr_set(GITERR_NET, "Cross host redirect not allowed");
error = -1; error = -1;
} }