git@vger.kernel.org mailing list mirror (one of many)
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Jeff King <peff@peff.net>
Cc: Junio C Hamano <gitster@pobox.com>, Alex Waite <alex@waite.eu>,
	git@vger.kernel.org
Subject: Re: [BUG] credential wildcard does not match hostnames containing an underscore
Date: Tue, 12 Oct 2021 21:21:59 +0000
Message-ID: <YWX8d/VTrkOz5tga@camp.crustytoothpaste.net>
In-Reply-To: <YWXzGeiUSMeq5Key@coredump.intra.peff.net>

On 2021-10-12 at 20:42:01, Jeff King wrote:
> On Tue, Oct 12, 2021 at 10:47:01AM -0700, Junio C Hamano wrote:
> 
> > "Alex Waite" <alex@waite.eu> writes:
> > 
> > >   This works for all tested subdomains /except/ for those which contain an
> > >   underscore.
> > >
> > >   authenticates without prompting:
> > >     git clone https://testA.example.com
> > >     git clone https://test-b.example.com
> > >
> > >   prompts for authentication:
> > >     git clone https://test_c.example.com
> > 
> > Hmph, given that hostnames cannot have '_' (cf. RFC1123 2.1 "Host
> > Names and Numbers", for example), the third URL seems invalid.  Is
> > this even a bug?
> 
> That may be so for hostnames in general, but URLs seem to allow it. RFC
> 3986 says:
> 
>       host        = IP-literal / IPv4address / reg-name
>       reg-name    = *( unreserved / pct-encoded / sub-delims )
>       unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"

That's what the schema says.  The text says this:

  A host identified by a registered name is a sequence of characters
  usually intended for lookup within a locally defined host or service
  name registry, though the URI's scheme-specific semantics may require
  that a specific registry (or fixed name table) be used instead.  The
  most common name registry mechanism is the Domain Name System (DNS).
  A registered name intended for lookup in the DNS uses the syntax
  defined in Section 3.5 of [RFC1034] and Section 2.1 of [RFC1123].

Those RFCs disallow the underscore.

If we plan to allow names that are not registered in the DNS, we should
clearly specify what those are and document how they work in conjunction
with libcurl (which presumably does a DNS lookup on them).  It's my
guess that there are going to be system resolvers which are not going to
accept this syntax in getaddrinfo and as a result, we're going to have
various breakage across systems if we try to accept this.

I'm happy to put in a change to reject these hostnames altogether, but I
won't get to it before Friday.
-- 
brian m. carlson (he/him or they/them)
Toronto, Ontario, CA
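
Added example, not part of the message above and not code from Git: a small C check that applies both grammars discussed in this exchange, the RFC 3986 reg-name syntax and the RFC 1123 hostname rules, to the three hosts from the bug report. The function names are hypothetical, and the 253-character total limit and the rejection of a trailing root dot are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 3986: reg-name = *( unreserved / pct-encoded / sub-delims ) */
static int is_rfc3986_reg_name(const char *s)
{
	for (; *s; s++) {
		unsigned char c = (unsigned char)*s;
		if (c == '%') {
			/* pct-encoded = "%" HEXDIG HEXDIG */
			if (!isxdigit((unsigned char)s[1]) ||
			    !isxdigit((unsigned char)s[2]))
				return 0;
			s += 2;
		} else if (c >= 0x80 ||
			   (!isalnum(c) && !strchr("-._~!$&'()*+,;=", c)))
			return 0;
	}
	return 1;
}

/* RFC 1123 2.1 hostname: dot-separated labels of 1..63 letters, digits
 * or '-', with no label starting or ending in '-'. No underscore. */
static int is_rfc1123_hostname(const char *s)
{
	size_t label_len = 0, total = strlen(s);
	if (!total || total > 253) /* assumed text-form length limit */
		return 0;
	for (size_t i = 0; i <= total; i++) {
		unsigned char c = (unsigned char)s[i];
		if (c == '.' || c == '\0') {
			/* close the current label; empty labels are rejected */
			if (!label_len || label_len > 63 || s[i - 1] == '-')
				return 0;
			label_len = 0;
		} else if ((c < 0x80 && isalnum(c)) || (c == '-' && label_len))
			label_len++;
		else
			return 0;
	}
	return 1;
}

int main(void)
{
	/* The three hosts from the bug report quoted in this thread. */
	const char *hosts[] = { "testA.example.com", "test-b.example.com",
				"test_c.example.com" };
	for (size_t i = 0; i < 3; i++)
		printf("%-20s reg-name=%d rfc1123=%d\n", hosts[i],
		       is_rfc3986_reg_name(hosts[i]), is_rfc1123_hostname(hosts[i]));
	return 0;
}
```

Only test_c.example.com gets different answers from the two checks, which is the disagreement between the URL grammar and the DNS hostname rules that this thread is about.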
