From: Junio C Hamano Date: Tue, 28 Mar 2017 20:52:23 +0000 (-0700) Subject: Merge branch 'ew/http-alternates-as-redirects-warning' into maint X-Git-Tag: v2.12.3~18 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/c953cf95a5fdf2fa1b8f288db6b1a0398d6e8311?ds=inline;hp=-c Merge branch 'ew/http-alternates-as-redirects-warning' into maint Recent versions of Git treats http alternates (used in dumb http transport) just like HTTP redirects and requires the client to enable following it, due to security concerns. But we forgot to give a warning when we decide not to honor the alternates. * ew/http-alternates-as-redirects-warning: http: release strbuf on disabled alternates http: inform about alternates-as-redirects behavior --- c953cf95a5fdf2fa1b8f288db6b1a0398d6e8311 diff --combined http-walker.c index 507c200f00,ab7d5537ae..ee049cb13d --- a/http-walker.c +++ b/http-walker.c @@@ -168,6 -168,11 +168,11 @@@ static int is_alternate_allowed(const c }; int i; + if (http_follow_config != HTTP_FOLLOW_ALWAYS) { + warning("alternate disabled by http.followRedirects: %s", url); + return 0; + } + for (i = 0; i < ARRAY_SIZE(protocols); i++) { const char *end; if (skip_prefix(url, protocols[i], &end) && @@@ -296,16 -301,13 +301,16 @@@ static void process_alternates_response okay = 1; } } - /* skip "objects\n" at end */ if (okay) { struct strbuf target = STRBUF_INIT; strbuf_add(&target, base, serverlen); - strbuf_add(&target, data + i, posn - i - 7); - - if (is_alternate_allowed(target.buf)) { + strbuf_add(&target, data + i, posn - i); + if (!strbuf_strip_suffix(&target, "objects")) { + warning("ignoring alternate that does" + " not end in 'objects': %s", + target.buf); + strbuf_release(&target); + } else if (is_alternate_allowed(target.buf)) { warning("adding alternate object store: %s", target.buf); newalt = xmalloc(sizeof(*newalt)); @@@ -317,6 -319,8 +322,8 @@@ while (tail->next != NULL) tail = tail->next; tail->next = newalt; + } else { + strbuf_release(&target); } } } @@@ -334,9 -338,6 +341,6 @@@ static void fetch_alternates(struct wal struct alternates_request alt_req; struct walker_data *cdata = walker->data; - if (http_follow_config != HTTP_FOLLOW_ALWAYS) - return; - /* * If another request has already started fetching alternates, * wait for them to arrive and return to processing this request's