Re: [PATCH] handle_remote_ls_ctx can parsing href starting at http://

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



"Kirill A. Korinskiy" <catap@xxxxxxxx> writes:

> The program call remote_ls() to get remote objects over http;
> handle_remote_ls_ctx() is used to parse it's response to populated
> "struct remote_ls_ctx" that is returned from remote_ls().
>
> The handle_remote_ls_ctx() function assumed that the server will
> returned local path in href field, but RFC 4918 demand of support full
> URI (http://localhost/repo.git for example).

Do you mean "the client should support both server-relative '/repo.git'
and full 'http://localhost/repo.git'", or "the client should reject
'/repo.git' and insist on full 'http://localhost/repo.git'"?  I am
guessing the former but it is not quite clear.  Where in 4918 is this
specified?

> This resulted in push failure (git-http-push ask server
> PROPFIND /repo.git/alhost:8080/repo.git/refs/) when a server returned
> full URI.

This is an interesting but confusing example.

Do you mean the bug is:

 (1) the client asks PROPFIND /repo.git/;

 (2) the server gives http://localhost/repo.git/refs back;

 (3) the client incorrectly assumes that the response would start with
     /repo.git/ (e.g. "/repo.git/refs"), so strips 10 bytes from the
     beginning of this result and uses the remainder as the "new"
     information to dig deeper; i.e. "alhost/repo.git/refs";

 (4) the new part is appended to the original path and the client forms
     the next request "PROPFIND /repo.git/alhost/repo.git/refs/";

 (5) instead, the client should strip the proto://host part (if exists)
     and request "PROPFIND /repo.git/refs/".

> @@ -1424,9 +1425,10 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)
>  				ls->userFunc(ls);
>  			}
>  		} else if (!strcmp(ctx->name, DAV_PROPFIND_NAME) && ctx->cdata) {
> -			ls->dentry_name = xmalloc(strlen(ctx->cdata) -
> +			char *path = strstr(ctx->cdata, remote->path);
> +			ls->dentry_name = xmalloc(strlen(path) -
>  						  remote->path_len + 1);

What if you are talking to http://repo.git/repo.git/?  Doesn't this
strstr() misbehave?  Instead, shouldn't you be checking if the response
begins with proto://host/ and stripping it iff so?
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux