make sure that requests to this helper to get credentials return early if there is no host ord the host is empty. Signed-off-by: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx> --- contrib/credential/osxkeychain/git-credential-osxkeychain.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/contrib/credential/osxkeychain/git-credential-osxkeychain.c b/contrib/credential/osxkeychain/git-credential-osxkeychain.c index bcd3f575a3..2264a88c41 100644 --- a/contrib/credential/osxkeychain/git-credential-osxkeychain.c +++ b/contrib/credential/osxkeychain/git-credential-osxkeychain.c @@ -69,6 +69,12 @@ static void find_internet_password(void) UInt32 len; SecKeychainItemRef item; + /* + * Require at valid host to fix CVE-2020-11008 + */ + if (!host || !*host) + return; + if (SecKeychainFindInternetPassword(KEYCHAIN_ARGS, &len, &buf, &item)) return; -- 2.26.2.111.gbff22aa583
