When passing a malformed URL to http_init() in http.c, git dies from a null
pointer dereference. An example for a malformed URL is http:/git-scm.com (note
the single slash after the protocol).
This patch adds simple error handling as git notices the malformed URL already,
but never checks the error value.
When passing a malformed URL, credential_from_url(struct credential *c, const char *url)
initializes *c with null values. When the existence of `://` in url is checked,
the function returns without further change of *c.
The null pointer dereference occurs in get_curl_handle () at http.c:593, when
the `protocol` field of struct credential is strcmp'ed:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000405efd in get_curl_handle () at http.c:593
593 if (!strcmp(http_auth.protocol, "https")) {
---
http.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/http.c b/http.c
index 69da445..80cf752 100644
--- a/http.c
+++ b/http.c
@@ -660,6 +660,9 @@ void http_init(struct remote *remote, const char *url, int proactive_auth)
http_is_verbose = 0;
normalized_url = url_normalize(url, &config.url);
+
+ if (config.url.err)
+ die(_("libcurl: %s, URL: %s"), config.url.err, url);
git_config(urlmatch_config_entry, &config);
free(normalized_url);
--
2.8.0.rc1.108.g7827469
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html