signature: prevent angle bracket usage in identity

2026-01-03 21:35:32 +00:00 · 2012-07-05 17:02:03 +02:00 · 2012-07-05 17:02:03 +02:00 · 8aedf1d558
commit 8aedf1d558
parent 118cf57d42
3 changed files with 54 additions and 23 deletions
--- a/include/git2/signature.h
+++ b/include/git2/signature.h
@ -23,6 +23,9 @@ GIT_BEGIN_DECL
 * Create a new action signature. The signature must be freed
 * manually or using git_signature_free
 *
+ * Note: angle brackets ('<' and '>') characters are not allowed
+ * to be used in either the `name` or the `email` parameter.
+ *
 * @param sig_out new signature, in case of error NULL
 * @param name name of the person
 * @param email email of the person
--- a/src/signature.c
+++ b/src/signature.c
@ -40,7 +40,7 @@ static const char *skip_trailing_spaces(const char *buffer_start, const char *bu

 static int signature_error(const char *msg)
 {
-	giterr_set(GITERR_INVALID, "Failed to parse signature - %s", msg);
+	giterr_set(GITERR_INVALID, "Failed to process signature - %s", msg);
 	return -1;
 }

@ -72,9 +72,16 @@ static int process_trimming(const char *input, char **storage, const char *input
 	return 0;
 }

+static bool contains_angle_brackets(const char *input)
+{
+	if (strchr(input, '<') != NULL)
+		return true;
+
+	return strchr(input, '>') != NULL;
+}
+
 int git_signature_new(git_signature **sig_out, const char *name, const char *email, git_time_t time, int offset)
 {
-	int error;
 	git_signature *p = NULL;

 	assert(name && email);
@ -84,11 +91,18 @@ int git_signature_new(git_signature **sig_out, const char *name, const char *ema
 	p = git__calloc(1, sizeof(git_signature));
 	GITERR_CHECK_ALLOC(p);

-	if ((error = process_trimming(name, &p->name, name + strlen(name), 1)) < 0 ||
-		(error = process_trimming(email, &p->email, email + strlen(email), 1)) < 0)
+	if (process_trimming(name, &p->name, name + strlen(name), 1) < 0 ||
+		process_trimming(email, &p->email, email + strlen(email), 1) < 0)
 	{
 		git_signature_free(p);
-		return error;
+		return -1;
+	}
+		
+	if (contains_angle_brackets(p->email) ||
+		contains_angle_brackets(p->name))
+	{
+		git_signature_free(p);
+		return signature_error("Neither `name` nor `email` should contain angle brackets chars.");
 	}

 	p->when.time = time;
--- a/tests-clar/commit/signature.c
+++ b/tests-clar/commit/signature.c
@ -13,17 +13,39 @@ static int try_build_signature(const char *name, const char *email, git_time_t t
 	return error;
 }

-
-void test_commit_signature__create_trim(void)
+static void assert_name_and_email(
+	const char *expected_name,
+	const char *expected_email,
+	const char *name,
+	const char *email)
 {
-   // creating a signature trims leading and trailing spaces
-   git_signature *sign;
-	cl_git_pass(git_signature_new(&sign, "  nulltoken ", "   emeric.fermas@gmail.com     ", 1234567890, 60));
-	cl_assert(strcmp(sign->name, "nulltoken") == 0);
-	cl_assert(strcmp(sign->email, "emeric.fermas@gmail.com") == 0);
-	git_signature_free((git_signature *)sign);
+	git_signature *sign;
+
+	cl_git_pass(git_signature_new(&sign, name, email, 1234567890, 60));
+	cl_assert_equal_s(expected_name, sign->name);
+	cl_assert_equal_s(expected_email, sign->email);
+
+	git_signature_free(sign);
 }

+void test_commit_signature__leading_and_trailing_spaces_are_trimmed(void)
+{
+	assert_name_and_email("nulltoken", "emeric.fermas@gmail.com", "  nulltoken ", "   emeric.fermas@gmail.com     ");
+}
+
+void test_commit_signature__angle_brackets_in_names_are_not_supported(void)
+{
+	cl_git_fail(try_build_signature("<Phil Haack", "phil@haack", 1234567890, 60));
+	cl_git_fail(try_build_signature("Phil>Haack", "phil@haack", 1234567890, 60));
+	cl_git_fail(try_build_signature("<Phil Haack>", "phil@haack", 1234567890, 60));
+}
+
+void test_commit_signature__angle_brackets_in_email_are_not_supported(void)
+{
+	cl_git_fail(try_build_signature("Phil Haack", ">phil@haack", 1234567890, 60));
+	cl_git_fail(try_build_signature("Phil Haack", "phil@>haack", 1234567890, 60));
+	cl_git_fail(try_build_signature("Phil Haack", "<phil@haack>", 1234567890, 60));
+}

 void test_commit_signature__create_empties(void)
 {
@ -39,21 +61,13 @@ void test_commit_signature__create_empties(void)
 void test_commit_signature__create_one_char(void)
 {
   // creating a one character signature
-	git_signature *sign;
-	cl_git_pass(git_signature_new(&sign, "x", "foo@bar.baz", 1234567890, 60));
-	cl_assert(strcmp(sign->name, "x") == 0);
-	cl_assert(strcmp(sign->email, "foo@bar.baz") == 0);
-	git_signature_free((git_signature *)sign);
+	assert_name_and_email("x", "foo@bar.baz", "x", "foo@bar.baz");
 }

 void test_commit_signature__create_two_char(void)
 {
   // creating a two character signature
-	git_signature *sign;
-	cl_git_pass(git_signature_new(&sign, "xx", "x@y.z", 1234567890, 60));
-	cl_assert(strcmp(sign->name, "xx") == 0);
-	cl_assert(strcmp(sign->email, "x@y.z") == 0);
-	git_signature_free((git_signature *)sign);
+	assert_name_and_email("xx", "foo@bar.baz", "xx", "foo@bar.baz");
 }

 void test_commit_signature__create_zero_char(void)