From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Carlo Arenas <carenas@gmail.com>
Cc: Jonathan Nieder <jrnieder@gmail.com>,
Johannes Schindelin via GitGitGadget <gitgitgadget@gmail.com>,
git@vger.kernel.org, Jeff King <peff@peff.net>,
"brian m. carlson" <sandals@crustytoothpaste.net>,
Ilya Tretyakov <it@it3xl.ru>
Subject: Re: [PATCH 2/3] credential: teach `credential_from_url()` a non-strict mode
Date: Thu, 23 Apr 2020 15:28:13 +0200 (CEST) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.2004231433060.18039@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <CAPUEspgJvN6f6Wjo-yjYj-x+bYtC3vdSvwUtrF=MbJDjwYUTdA@mail.gmail.com>
Hi Carlo,
On Wed, 22 Apr 2020, Carlo Arenas wrote:
> On Wed, Apr 22, 2020 at 4:41 PM Jonathan Nieder <jrnieder@gmail.com> wrote:
> > Johannes Schindelin wrote:
> > > @@ -382,8 +382,10 @@ int credential_from_url_gently(struct credential *c, const char *url,
> > > host = at + 1;
> > > }
> > >
> > > - c->protocol = xmemdupz(url, proto_end - url);
> > > - c->host = url_decode_mem(host, slash - host);
> > > + if (proto_end && proto_end - url > 0)
> > > + c->protocol = xmemdupz(url, proto_end - url);
> >
> > What should happen when the protocol isn't present? Does this mean
> > callers will need to be audited to make sure they handle NULL?
>
> the previous code was ensuring protocol was always at least "" (albeit it
> might had been easier to understand with a comment)
If you mean v2.17.5 by "the previous code", then yes.
However, what I wanted to reinstate was the behavior of v2.17.4, at least
the behavior that was obviously intended by this code:
int credential_match(const struct credential *want,
const struct credential *have)
{
#define CHECK(x) (!want->x || (have->x && !strcmp(want->x, have->x)))
return CHECK(protocol) &&
CHECK(host) &&
CHECK(path) &&
CHECK(username);
#undef CHECK
}
What speaks loudly to me is that _any_ of these can be `NULL` in `want`.
Any of them. Even protocol.
Remember, the call that I modified here to be more lenient populates that
`want`, not that `have`. The `have` still uses the strict mode, and that
is very much by design.
I also saw reports where users try to set `useHTTPPath` for hosts, not for
URLs, and it kind of makes sense. So I wanted to make that work, too.
Except that I uncovered the bug during my investigation that v2.17.4
handled `credential.<hostname>.useHTTPPath` as if no `<hostname>` was
provided at all!
So I wanted to fix that bug as well.
What I do _not_ want is to enforce `protocol` to be set (falling back to
an empty string if not specified). See below as to why.
> removing the proto_end - url check would have the same effect, but then
> we will need to also add a explicit xmemdupz("") for the nonstrict part
> or audit (and with certainty add) checks to prevent a NULL protocol to
> introduce regressions
I fear that my patches did not make it clear that the lenient mode is
_only_ used in the config parsing, in which case we very much do not want
to have the unspecified parts be interpreted as empty strings.
For example, if I specify
[credential "http://"]
helper = prevent
to catch _all_ http:// URLs, I definitely do not want that to be used only
for URLs with an empty host name!
Likewise, if I specify
[credential "dev.azure.com"]
useHTTPPath = true
I positively want to use the path part of the URL to specify what
credential to use _when accessing http://dev.azure.com/... _or_
https://dev.azure.com/... URLs, I do not expect that setting to be used
only for URLs with an empty protocol (which are now forbidden, anyway,
IIUC)!
So no, that `xmemdupz("")` would introduce very much undesirable behavior,
I believe.
Ciao,
Dscho
next prev parent reply other threads:[~2020-04-23 13:28 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-22 20:51 [PATCH 0/3] credential: handle partial URLs in config settings again Johannes Schindelin via GitGitGadget
2020-04-22 20:51 ` [PATCH 1/3] credential: fix grammar Johannes Schindelin via GitGitGadget
2020-04-22 23:29 ` Jonathan Nieder
2020-04-22 20:51 ` [PATCH 2/3] credential: teach `credential_from_url()` a non-strict mode Johannes Schindelin via GitGitGadget
2020-04-22 22:29 ` Junio C Hamano
2020-04-22 22:50 ` Johannes Schindelin
2020-04-22 23:02 ` Junio C Hamano
2020-04-22 23:38 ` Jonathan Nieder
2020-04-23 0:02 ` Carlo Arenas
2020-04-23 13:28 ` Johannes Schindelin [this message]
2020-04-23 21:22 ` Carlo Marcelo Arenas Belón
2020-04-23 22:03 ` Johannes Schindelin
2020-04-23 22:11 ` Junio C Hamano
2020-04-23 22:16 ` Junio C Hamano
2020-04-23 23:22 ` Johannes Schindelin
2020-04-23 22:50 ` Johannes Schindelin
2020-04-22 20:51 ` [PATCH 3/3] credential: handle `credential.<partial-URL>.<key>` again Johannes Schindelin via GitGitGadget
2020-04-22 23:57 ` Jonathan Nieder
2020-04-23 23:19 ` Johannes Schindelin
2020-04-22 22:13 ` [PATCH 0/3] credential: handle partial URLs in config settings again Jeff King
2020-04-22 22:26 ` Johannes Schindelin
2020-04-22 22:47 ` Jonathan Nieder
2020-04-23 22:11 ` Johannes Schindelin
2020-04-23 23:43 ` [PATCH v2 " Johannes Schindelin via GitGitGadget
2020-04-23 23:43 ` [PATCH v2 1/3] credential: fix grammar Johannes Schindelin via GitGitGadget
2020-04-23 23:43 ` [PATCH v2 2/3] credential: optionally allow partial URLs in credential_from_url_gently() Johannes Schindelin via GitGitGadget
2020-04-23 23:43 ` [PATCH v2 3/3] credential: handle `credential.<partial-URL>.<key>` again Johannes Schindelin via GitGitGadget
2020-04-24 0:05 ` Carlo Marcelo Arenas Belón
2020-04-24 0:16 ` Johannes Schindelin
2020-04-24 0:39 ` Carlo Marcelo Arenas Belón
2020-04-24 11:34 ` Johannes Schindelin
2020-04-24 0:34 ` Junio C Hamano
2020-04-24 0:40 ` Junio C Hamano
2020-04-24 11:36 ` Johannes Schindelin
2020-04-24 0:49 ` [PATCH v2 0/3] credential: handle partial URLs in config settings again Carlo Marcelo Arenas Belón
2020-04-24 11:49 ` [PATCH v3 " Johannes Schindelin via GitGitGadget
2020-04-24 11:49 ` [PATCH v3 1/3] credential: fix grammar Johannes Schindelin via GitGitGadget
2020-04-24 11:49 ` [PATCH v3 2/3] credential: optionally allow partial URLs in credential_from_url_gently() Johannes Schindelin via GitGitGadget
2020-04-24 11:49 ` [PATCH v3 3/3] credential: handle `credential.<partial-URL>.<key>` again Johannes Schindelin via GitGitGadget
2020-04-24 15:23 ` Carlo Marcelo Arenas Belón
2020-04-25 10:43 ` Johannes Schindelin
2020-04-24 22:20 ` Junio C Hamano
2020-04-24 22:29 ` Johannes Schindelin
2020-04-28 23:13 ` Junio C Hamano
2020-04-29 14:58 ` Johannes Schindelin
2020-04-29 15:36 ` Junio C Hamano
2020-05-01 19:58 ` Johannes Schindelin
2020-05-01 20:01 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.2004231433060.18039@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=carenas@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=it@it3xl.ru \
--cc=jrnieder@gmail.com \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).