提交
f2df3104
编写于
9月 28, 2015
作者:
Junio C Hamano
Merge branch 'jk/transfer-limit-redirection' into maint-2.3
上级
df37727a
b2581164
变更
6
Showing
6 changed file
with
78 addition
and
15 deletion
+78
-15
Documentation/git.txt
Documentation/git.txt
+0
-5
http.c
http.c
+18
-0
t/lib-httpd/apache.conf
t/lib-httpd/apache.conf
+4
-0
t/t5812-proto-disable-http.sh
t/t5812-proto-disable-http.sh
+13
-0
transport.c
transport.c
+30
-8
transport.h
transport.h
+13
-2
Documentation/git.txt
...
...
@@ -1071,11 +1071,6 @@ GIT_ICASE_PATHSPECS::
- any external helpers are named by their protocol (e.g., use
`hg` to allow the `git-remote-hg` helper)
+
Note that this controls only git's internal protocol selection.
If libcurl is used (e.g., by the `http` transport), it may
redirect to other protocols. There is not currently any way to
restrict this.
Discussion[[Discussion]]
...
...
http.c
...
...
@@ -8,6 +8,7 @@
#include "credential.h"
#include "version.h"
#include "pkt-line.h"
#include "transport.h"
int
active_requests
;
int
http_is_verbose
;
...
...
@@ -303,6 +304,7 @@ static void set_curl_keepalive(CURL *c)
static
CURL
*
get_curl_handle
(
void
)
{
CURL
*
result
=
curl_easy_init
();
long
allowed_protocols
=
0
;
if
(
!
result
)
die
(
"curl_easy_init failed"
);
...
...
@@ -350,11 +352,27 @@ static CURL *get_curl_handle(void)
}
curl_easy_setopt
(
result
,
CURLOPT_FOLLOWLOCATION
,
1
);
curl_easy_setopt
(
result
,
CURLOPT_MAXREDIRS
,
20
);
#if LIBCURL_VERSION_NUM >= 0x071301
curl_easy_setopt
(
result
,
CURLOPT_POSTREDIR
,
CURL_REDIR_POST_ALL
);
#elif LIBCURL_VERSION_NUM >= 0x071101
curl_easy_setopt
(
result
,
CURLOPT_POST301
,
1
);
#endif
#if LIBCURL_VERSION_NUM >= 0x071304
if
(
is_transport_allowed
(
"http"
))
allowed_protocols
|=
CURLPROTO_HTTP
;
if
(
is_transport_allowed
(
"https"
))
allowed_protocols
|=
CURLPROTO_HTTPS
;
if
(
is_transport_allowed
(
"ftp"
))
allowed_protocols
|=
CURLPROTO_FTP
;
if
(
is_transport_allowed
(
"ftps"
))
allowed_protocols
|=
CURLPROTO_FTPS
;
curl_easy_setopt
(
result
,
CURLOPT_REDIR_PROTOCOLS
,
allowed_protocols
);
#else
if
(
transport_restrict_protocols
())
warning
(
"protocol restrictions not applied to curl redirects because
\n
"
"your curl version is too old (>= 7.19.4)"
);
#endif
if
(
getenv
(
"GIT_CURL_VERBOSE"
))
curl_easy_setopt
(
result
,
CURLOPT_VERBOSE
,
1
);
...
...
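Review bot: In the `#else` branch of get_curl_handle(), a libcurl older than 7.19.4 only triggers a warning, yet `CURLOPT_FOLLOWLOCATION` stays enabled a few lines above, so a user who set a protocol whitelist still gets redirects followed to whatever protocols that libcurl supports. Failing closed would be safer when `transport_restrict_protocols()` is true, for example by adding `curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 0L);` after the warning. The message text `(>= 7.19.4)` also reads as if the installed version were at least 7.19.4; `(need >= 7.19.4)` says what is meant. `allowed_protocols` is declared unconditionally but used only under `LIBCURL_VERSION_NUM >= 0x071304`, which presumably produces an unused-variable warning on older builds. The function begins and ends outside the visible hunks.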
t/lib-httpd/apache.conf
...
...
@@ -119,6 +119,10 @@ RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
RewriteRule
^/
smart
-
redir
-
temp
/(.*)$ /
smart
/$
1
[
R
=
302
]
RewriteRule
^/
smart
-
redir
-
auth
/(.*)$ /
auth
/
smart
/$
1
[
R
=
301
]
RewriteRule
^/
smart
-
redir
-
limited
/(.*)/
info
/
refs
$ /
smart
/$
1
/
info
/
refs
[
R
=
301
]
RewriteRule
^/
ftp
-
redir
/(.*)$
ftp
://
localhost
:
1000
/$
1
[
R
=
302
]
RewriteRule
^/
loop
-
redir
/
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-
x
-(.*) /$
1
[
R
=
302
]
RewriteRule
^/
loop
-
redir
/(.*)$ /
loop
-
redir
/
x
-$
1
[
R
=
302
]
<
IfDefine
SSL
>
LoadModule
ssl_module
modules
/
mod_ssl
.
so
...
...
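Review bot: The first `loop-redir` rule hard-codes twenty `x-` segments with no comment, and the test is only meaningful because that count reaches past the `CURLOPT_MAXREDIRS` value of 20 set in http.c. A comment above the two rules, such as `# 20 "x-" hops plus the final redirect exceed http.c's CURLOPT_MAXREDIRS (20)`, would keep the two numbers from drifting apart silently. The `ftp-redir` target port 1000 is likewise a bare constant; a short remark on why that port was picked would help.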
t/t5812-proto-disable-http.sh
...
...
@@ -16,5 +16,18 @@ test_expect_success 'create git-accessible repo' '
test_proto
"smart http"
http
"
$HTTPD_URL
/smart/repo.git"
test_expect_success
'curl redirects respect whitelist'
'
test_must_fail env GIT_ALLOW_PROTOCOL=http:https \
git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr &&
{
test_i18ngrep "ftp.*disabled" stderr ||
test_i18ngrep "your curl version is too old"
}
'
test_expect_success
'curl limits redirects'
'
test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git"
'
stop_httpd
test_done
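Review bot: The second `test_i18ngrep` in 'curl redirects respect whitelist' has no file argument, so it reads standard input instead of the captured `stderr`, and on an old libcurl the fallback alternative presumably cannot match. It should read `test_i18ngrep "your curl version is too old" stderr`. The 'curl limits redirects' test only asserts that the clone fails; grepping stderr for the redirect-limit error would show that the failure comes from the limit and not from an unrelated cause.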
transport.c
...
...
@@ -909,18 +909,40 @@ static int external_specification_len(const char *url)
return
strchr
(
url
,
':'
)
-
url
;
}
void
transport_check_allowed
(
const
char
*
type
)
static
const
struct
string_list
*
protocol_whitelist
(
void
)
{
struct
string_list
allowed
=
STRING_LIST_INIT_DUP
;
const
char
*
v
=
getenv
(
"GIT_ALLOW_PROTOCOL"
);
static
int
enabled
=
-
1
;
static
struct
string_list
allowed
=
STRING_LIST_INIT_DUP
;
if
(
enabled
<
0
)
{
const
char
*
v
=
getenv
(
"GIT_ALLOW_PROTOCOL"
);
if
(
v
)
{
string_list_split
(
&
allowed
,
v
,
':'
,
-
1
);
string_list_sort
(
&
allowed
);
enabled
=
1
;
}
else
{
enabled
=
0
;
}
}
if
(
!
v
)
return
;
return
enabled
?
&
allowed
:
NULL
;
}
int
is_transport_allowed
(
const
char
*
type
)
{
const
struct
string_list
*
allowed
=
protocol_whitelist
();
return
!
allowed
||
string_list_has_string
(
allowed
,
type
);
}
string_list_split
(
&
allowed
,
v
,
':'
,
-
1
);
if
(
!
unsorted_string_list_has_string
(
&
allowed
,
type
))
void
transport_check_allowed
(
const
char
*
type
)
{
if
(
!
is_transport_allowed
(
type
))
die
(
"transport '%s' not allowed"
,
type
);
string_list_clear
(
&
allowed
,
0
);
}
int
transport_restrict_protocols
(
void
)
{
return
!!
protocol_whitelist
();
}
struct
transport
*
transport_get
(
struct
remote
*
remote
,
const
char
*
url
)
...
...
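Review bot: protocol_whitelist() has no comment explaining its contract: it returns NULL when `GIT_ALLOW_PROTOCOL` is unset, and is_transport_allowed() treats that NULL as "everything allowed", which http.c now relies on when building the redirect mask. The list is also parsed once into function-static state, so a change to the variable later in the same process is not seen; that is worth stating next to `static int enabled = -1;`. I would add something like `/* NULL means no restriction; parsed once from GIT_ALLOW_PROTOCOL and cached */` above the function, and mention the allow-all default in the is_transport_allowed comment in transport.h. This page interleaves removed and added lines, so the remarks apply to the new-side definitions only.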
transport.h
...
...
@@ -132,13 +132,24 @@ struct transport {
/* Returns a transport suitable for the url */
struct
transport
*
transport_get
(
struct
remote
*
,
const
char
*
);
/*
* Check whether a transport is allowed by the environment. Type should
* generally be the URL scheme, as described in Documentation/git.txt
*/
int
is_transport_allowed
(
const
char
*
type
);
/*
* Check whether a transport is allowed by the environment,
* and die otherwise. type should generally be the URL scheme,
* as described in Documentation/git.txt
* and die otherwise.
*/
void
transport_check_allowed
(
const
char
*
type
);
/*
* Returns true if the user has attempted to turn on protocol
* restrictions at all.
*/
int
transport_restrict_protocols
(
void
);
/* Transport options which apply to git:// and scp-style URLs */
/* The program to use on the remote side to send a pack */
...
...