|
 |
fdd391 |
From 2d22150270739cd29d0ac6bc329e0a2e2910d7d9 Mon Sep 17 00:00:00 2001
|
|
|
fdd391 |
From: Petr Stodulka <pstodulk@redhat.com>
|
|
|
fdd391 |
Date: Fri, 23 Oct 2015 17:36:57 +0200
|
|
|
fdd391 |
Subject: [PATCH 4/5] http-limit-redirection-to-protocol-whitelist
|
|
|
fdd391 |
|
|
|
fdd391 |
Previously, libcurl would follow redirection to any protocol
|
|
|
fdd391 |
it was compiled for support with. This is desirable to allow
|
|
|
fdd391 |
redirection from HTTP to HTTPS. However, it would even
|
|
|
fdd391 |
successfully allow redirection from HTTP to SFTP, a protocol
|
|
|
fdd391 |
that git does not otherwise support at all. Furthermore
|
|
|
fdd391 |
git's new protocol-whitelisting could be bypassed by
|
|
|
fdd391 |
following a redirect within the remote helper, as it was
|
|
|
fdd391 |
only enforced at transport selection time.
|
|
|
fdd391 |
|
|
|
fdd391 |
This patch limits redirects within libcurl to HTTP, HTTPS,
|
|
|
fdd391 |
FTP and FTPS. If there is a protocol-whitelist present, this
|
|
|
fdd391 |
list is limited to those also allowed by the whitelist. As
|
|
|
fdd391 |
redirection happens from within libcurl, it is impossible
|
|
|
fdd391 |
for an HTTP redirect to a protocol implemented within
|
|
|
fdd391 |
another remote helper.
|
|
|
fdd391 |
|
|
|
fdd391 |
When the curl version git was compiled with is too old to
|
|
|
fdd391 |
support restrictions on protocol redirection, we warn the
|
|
|
fdd391 |
user if GIT_ALLOW_PROTOCOL restrictions were requested. This
|
|
|
fdd391 |
is a little inaccurate, as even without that variable in the
|
|
|
fdd391 |
environment, we would still restrict SFTP, etc, and we do
|
|
|
fdd391 |
not warn in that case. But anything else means we would
|
|
|
fdd391 |
literally warn every time git accesses an http remote.
|
|
|
fdd391 |
---
|
|
|
fdd391 |
http.c | 17 +++++++++++++++++
|
|
|
fdd391 |
1 file changed, 17 insertions(+)
|
|
|
fdd391 |
|
|
|
fdd391 |
diff --git a/http.c b/http.c
|
|
|
fdd391 |
index 92aba59..235c2d5 100644
|
|
|
fdd391 |
--- a/http.c
|
|
|
fdd391 |
+++ b/http.c
|
|
|
fdd391 |
@@ -6,6 +6,7 @@
|
|
|
fdd391 |
#include "credential.h"
|
|
|
fdd391 |
#include "version.h"
|
|
|
fdd391 |
#include "pkt-line.h"
|
|
|
fdd391 |
+#include "transport.h"
|
|
|
fdd391 |
|
|
|
fdd391 |
int active_requests;
|
|
|
fdd391 |
int http_is_verbose;
|
|
|
fdd391 |
@@ -252,6 +253,7 @@ static int has_cert_password(void)
|
|
|
fdd391 |
static CURL *get_curl_handle(void)
|
|
|
fdd391 |
{
|
|
|
fdd391 |
CURL *result = curl_easy_init();
|
|
|
fdd391 |
+ long allowed_protocols = 0;
|
|
|
fdd391 |
|
|
|
fdd391 |
if (!curl_ssl_verify) {
|
|
|
fdd391 |
curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0);
|
|
|
fdd391 |
@@ -301,6 +303,21 @@ static CURL *get_curl_handle(void)
|
|
|
fdd391 |
#elif LIBCURL_VERSION_NUM >= 0x071101
|
|
|
fdd391 |
curl_easy_setopt(result, CURLOPT_POST301, 1);
|
|
|
fdd391 |
#endif
|
|
|
fdd391 |
+#if LIBCURL_VERSION_NUM >= 0x071304
|
|
|
fdd391 |
+ if (is_transport_allowed("http"))
|
|
|
fdd391 |
+ allowed_protocols |= CURLPROTO_HTTP;
|
|
|
fdd391 |
+ if (is_transport_allowed("https"))
|
|
|
fdd391 |
+ allowed_protocols |= CURLPROTO_HTTPS;
|
|
|
fdd391 |
+ if (is_transport_allowed("ftp"))
|
|
|
fdd391 |
+ allowed_protocols |= CURLPROTO_FTP;
|
|
|
fdd391 |
+ if (is_transport_allowed("ftps"))
|
|
|
fdd391 |
+ allowed_protocols |= CURLPROTO_FTPS;
|
|
|
fdd391 |
+ curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
|
|
|
fdd391 |
+#else
|
|
|
fdd391 |
+ if (transport_restrict_protocols())
|
|
|
fdd391 |
+ warning("protocol restrictions not applied to curl redirects because\n"
|
|
|
fdd391 |
+ "your curl version is too old (>= 7.19.4)");
|
|
|
fdd391 |
+#endif
|
|
|
fdd391 |
|
|
|
fdd391 |
if (getenv("GIT_CURL_VERBOSE"))
|
|
|
fdd391 |
curl_easy_setopt(result, CURLOPT_VERBOSE, 1);
|
|
|
fdd391 |
--
|
|
|
fdd391 |
2.1.0
|
|
|
fdd391 |
|