Diffstat (limited to 'meta/recipes-devtools/git/git/CVE-2020-11008-8.patch')
-rw-r--r-- | meta/recipes-devtools/git/git/CVE-2020-11008-8.patch | 114 |
1 files changed, 114 insertions, 0 deletions
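--- /dev/null
+++ b/meta/recipes-devtools/git/git/CVE-2020-11008-8.patch
@@ -0,0 +1,114 @@
+From 5e06d0781a963d62413ae7eab4eb78cc7195af8b Mon Sep 17 00:00:00 2001
+From: Jonathan Nieder <jrnieder@gmail.com>
+Date: Sat, 18 Apr 2020 20:54:57 -0700
+Subject: [PATCH 11/12] credential: treat URL with empty scheme as invalid
+
+Until "credential: refuse to operate when missing host or protocol",
+Git's credential handling code interpreted URLs with empty scheme to
+mean "give me credentials matching this host for any protocol".
+
+Luckily libcurl does not recognize such URLs (it tries to look for a
+protocol named "" and fails). Just in case that changes, let's reject
+them within Git as well. This way, credential_from_url is guaranteed to
+always produce a "struct credential" with protocol and host set.
+
+Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-11008 (8)
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+credential.c | 5 ++---
+t/t5550-http-fetch-dumb.sh | 9 +++++++++
+t/t7416-submodule-dash-url.sh | 32 ++++++++++++++++++++++++++++++++
+3 files changed, 43 insertions(+), 3 deletions(-)
+
+diff --git a/credential.c b/credential.c
+index 1e1aed5..cf11cc9 100644
+--- a/credential.c
++++ b/credential.c
+@@ -360,7 +360,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
+* (3) proto://<user>:<pass>@<host>/...
+*/
+proto_end = strstr(url, "://");
+- if (!proto_end) {
++ if (!proto_end || proto_end == url) {
+if (!quiet)
+warning(_("url has no scheme: %s"), url);
+return -1;
+@@ -385,8 +385,7 @@ int credential_from_url_gently(struct credential *c, const char *url,
+host = at + 1;
+}
+
+- if (proto_end - url > 0)
+- c->protocol = xmemdupz(url, proto_end - url);
++ c->protocol = xmemdupz(url, proto_end - url);
+c->host = url_decode_mem(host, slash - host);
+/* Trim leading and trailing slashes from path */
+while (*slash == '/')
+diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
+index 1c9e5d3..ea2688b 100755
+--- a/t/t5550-http-fetch-dumb.sh
++++ b/t/t5550-http-fetch-dumb.sh
+@@ -325,6 +325,15 @@ test_expect_success 'remote-http complains cleanly about malformed urls' '
+test_i18ngrep "url has no scheme" stderr
+'
+
++# NEEDSWORK: Writing commands to git-remote-curl can race against the latter
++# erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper has
++# learned to handle early remote helper failures more cleanly.
++test_expect_success 'remote-http complains cleanly about empty scheme' '
++ test_must_fail ok=sigpipe git ls-remote \
++ http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
++ test_i18ngrep "url has no scheme" stderr
++'
++
+test_expect_success 'redirects can be forbidden/allowed' '
+test_must_fail git -c http.followRedirects=false \
+clone $HTTPD_URL/dumb-redir/repo.git dumb-redir &&
+diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
+index 249dc3d..9309040 100755
+--- a/t/t7416-submodule-dash-url.sh
++++ b/t/t7416-submodule-dash-url.sh
+@@ -92,6 +92,38 @@ test_expect_success 'fsck rejects relative URL resolving to missing scheme' '
+grep gitmodulesUrl err
+'
+
++test_expect_success 'fsck rejects empty URL scheme' '
++ git checkout --orphan empty-scheme &&
++ cat >.gitmodules <<-\EOF &&
++ [submodule "foo"]
++ url = http::://one.example.com/foo.git
++ EOF
++ git add .gitmodules &&
++ test_tick &&
++ git commit -m "gitmodules with empty URL scheme" &&
++ test_when_finished "rm -rf dst" &&
++ git init --bare dst &&
++ git -C dst config transfer.fsckObjects true &&
++ test_must_fail git push dst HEAD 2>err &&
++ grep gitmodulesUrl err
++'
++
++test_expect_success 'fsck rejects relative URL resolving to empty scheme' '
++ git checkout --orphan relative-empty-scheme &&
++ cat >.gitmodules <<-\EOF &&
++ [submodule "foo"]
++ url = ../../../:://one.example.com/foo.git
++ EOF
++ git add .gitmodules &&
++ test_tick &&
++ git commit -m "relative gitmodules URL resolving to empty scheme" &&
++ test_when_finished "rm -rf dst" &&
++ git init --bare dst &&
++ git -C dst config transfer.fsckObjects true &&
++ test_must_fail git push dst HEAD 2>err &&
++ grep gitmodulesUrl err
++'
++
+test_expect_success 'fsck permits embedded newline with unrecognized scheme' '
+git checkout --orphan newscheme &&
+cat >.gitmodules <<-\EOF &&
+--
+1.9.1
+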