From 7be5104d241ce84537076ad92d2ac1604ea33b8a Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Thu, 31 Oct 2013 13:15:49 -0700 Subject: [PATCH 1/4] Add tests for badly-formed URLs --- tests-clar/clone/nonetwork.c | 8 ++------ tests-clar/network/urlparse.c | 7 +++++++ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/tests-clar/clone/nonetwork.c b/tests-clar/clone/nonetwork.c index 9eb4bf9db..90e1e6439 100644 --- a/tests-clar/clone/nonetwork.c +++ b/tests-clar/clone/nonetwork.c @@ -56,13 +56,9 @@ void test_clone_nonetwork__bad_urls(void) cl_assert(!git_path_exists("./foo")); cl_git_fail(git_clone(&g_repo, "git://example.com:asdf", "./foo", &g_options)); - cl_assert(!git_path_exists("./foo")); - cl_git_fail(git_clone(&g_repo, "git://example.com:asdf/foo", "./foo", &g_options)); - cl_assert(!git_path_exists("./foo")); - cl_git_fail(git_clone(&g_repo, "https://example.com:asdf", "./foo", &g_options)); - cl_assert(!git_path_exists("./foo")); cl_git_fail(git_clone(&g_repo, "https://example.com:asdf/foo", "./foo", &g_options)); - cl_assert(!git_path_exists("./foo")); + cl_git_fail(git_clone(&g_repo, "git://github.com/git://github.com/foo/bar.git.git", + "./bar", &g_options)); } void test_clone_nonetwork__do_not_clean_existing_directory(void) diff --git a/tests-clar/network/urlparse.c b/tests-clar/network/urlparse.c index 274d7e900..15e841b35 100644 --- a/tests-clar/network/urlparse.c +++ b/tests-clar/network/urlparse.c @@ -31,6 +31,13 @@ void test_network_urlparse__trivial(void) cl_assert_equal_p(pass, NULL); } +void test_network_urlparse__bad_url(void) +{ + cl_git_fail_with(gitno_extract_url_parts(&host, &port, &user, &pass, + "github.com/git://github.com/foo/bar.git.git", "443"), + GIT_EINVALIDSPEC); +} + void test_network_urlparse__user(void) { cl_git_pass(gitno_extract_url_parts(&host, &port, &user, &pass, From 151b321898a4b24bfa25f0c4a6bacf6565e0cdb4 Mon Sep 17 00:00:00 2001 
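Review bot: The `cl_assert(!git_path_exists("./foo"));` checks that followed each failing `git_clone` in `test_clone_nonetwork__bad_urls` are removed, so after the first call the test no longer verifies that a rejected URL leaves no partially created directory behind. The hunk also drops the `git://example.com:asdf/foo` and `https://example.com:asdf` cases without replacing them. I would keep one `cl_assert(!git_path_exists("./foo"));` after the last `cl_git_fail` so cleanup on the error path stays covered. The function body starts above the hunk, so earlier assertions are not visible here.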
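Review bot: `test_network_urlparse__bad_url` pins only the case where a `/` comes before the first `:`. The missing-slash branch, which the next patch in this series also switches to `GIT_EINVALIDSPEC`, has no assertion on its error code. A second call such as `cl_git_fail_with(gitno_extract_url_parts(&host, &port, &user, &pass, "example.com", "443"), GIT_EINVALIDSPEC);` would cover it, assuming nothing above the check returns earlier. It would also help to assert that `host`, `port`, `user` and `pass` are still unset after the failure, since the callers' cleanup presumably relies on that.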
From: Ben Straub Date: Thu, 31 Oct 2013 13:16:04 -0700 Subject: [PATCH 2/4] Prevent segfault with a badly-formed URL --- src/netops.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/netops.c b/src/netops.c index 7a61ef820..5f0db24ef 100644 --- a/src/netops.c +++ b/src/netops.c @@ -679,9 +679,10 @@ int gitno_extract_url_parts( slash = strchr(url, '/'); at = strchr(url, '@'); - if (slash == NULL) { - giterr_set(GITERR_NET, "Malformed URL: missing /"); - return -1; + if (!slash || + (colon && slash < colon)) { + giterr_set(GITERR_NET, "Malformed URL"); + return GIT_EINVALIDSPEC; } start = url; From 887df99f17c44b0726e0034885ea922b99254933 Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Thu, 31 Oct 2013 13:29:16 -0700 Subject: [PATCH 3/4] Test another bad URL --- tests-clar/clone/nonetwork.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests-clar/clone/nonetwork.c b/tests-clar/clone/nonetwork.c index 90e1e6439..a286e2a8f 100644 --- a/tests-clar/clone/nonetwork.c +++ b/tests-clar/clone/nonetwork.c @@ -58,7 +58,9 @@ void test_clone_nonetwork__bad_urls(void) cl_git_fail(git_clone(&g_repo, "git://example.com:asdf", "./foo", &g_options)); cl_git_fail(git_clone(&g_repo, "https://example.com:asdf/foo", "./foo", &g_options)); cl_git_fail(git_clone(&g_repo, "git://github.com/git://github.com/foo/bar.git.git", - "./bar", &g_options)); + "./foo", &g_options)); + cl_git_fail(git_clone(&g_repo, "arrbee:my/bad:password@github.com:1111/strange:words.git", + "./foo", &g_options)); } void test_clone_nonetwork__do_not_clean_existing_directory(void) From 048f837b2fd5cd12ed7e3ca497f11460ab3114a9 Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Thu, 31 Oct 2013 13:30:22 -0700 Subject: [PATCH 4/4] Prevent another segfault from bad URL --- src/netops.c | 2 +- src/transports/ssh.c | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/netops.c b/src/netops.c index 5f0db24ef..7e13f12e7 100644 --- a/src/netops.c 
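Review bot: The added condition `colon && slash < colon` in `gitno_extract_url_parts` rejects every URL whose first `/` precedes its first `:`. That presumably includes inputs with no port but a `:` somewhere in the path; `colon` is assigned above the hunk, so this assumes it comes from `strchr(url, ':')`. If that rejection is intended, a comment above the check would record it, for example `/* a ':' after the first '/' is treated as malformed, not as part of the path */`. The message also loses the detail of which separator was wrong. The return value changes from `-1` to `GIT_EINVALIDSPEC`, so any caller comparing against `-1` rather than `< 0` should be checked.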
+++ b/src/netops.c @@ -680,7 +680,7 @@ int gitno_extract_url_parts( at = strchr(url, '@'); if (!slash || - (colon && slash < colon)) { + (colon && (slash < colon))) { giterr_set(GITERR_NET, "Malformed URL"); return GIT_EINVALIDSPEC; } diff --git a/src/transports/ssh.c b/src/transports/ssh.c index 6ce673d5e..4e2834b49 100644 --- a/src/transports/ssh.c +++ b/src/transports/ssh.c @@ -213,10 +213,6 @@ static int git_ssh_extract_url_parts( colon = strchr(url, ':'); - if (colon == NULL) { - giterr_set(GITERR_NET, "Malformed URL: missing :"); - return -1; - } at = strchr(url, '@'); if (at) { @@ -228,6 +224,11 @@ static int git_ssh_extract_url_parts( *username = NULL; } + if (colon == NULL || (colon < start)) { + giterr_set(GITERR_NET, "Malformed URL"); + return -1; + } + *host = git__substrdup(start, colon - start); GITERR_CHECK_ALLOC(*host); @@ -316,7 +317,7 @@ static int _git_ssh_setup_conn( const char *cmd, git_smart_subtransport_stream **stream) { - char *host, *port=NULL, *user=NULL, *pass=NULL; + char *host=NULL, *port=NULL, *user=NULL, *pass=NULL; const char *default_port="22"; ssh_stream *s; LIBSSH2_SESSION* session=NULL;
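Review bot: The relocated check in `git_ssh_extract_url_parts` still returns `-1`, while `gitno_extract_url_parts` in `src/netops.c` now returns `GIT_EINVALIDSPEC` for the same kind of input. Using `return GIT_EINVALIDSPEC;` here would let callers treat both parsers alike. `colon` is the first `:` in the whole URL (`colon = strchr(url, ':')` in the preceding hunk), so `colon < start` presumably fires whenever a `:` appears in the user part before `@`. A short comment such as `/* first ':' lies before the host, so colon - start would be negative */` would explain why the check has to come after the `at` block. The function starts and ends outside these hunks, so how `*username` is released on this early return cannot be seen from here.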