src/transports


Log

Author Commit Date CI Message
Edward Thomson 1910a04a 2016-12-30T12:42:42 winhttp: set proper cert failure error messages Set up a WinHTTP status callback; inspect the WinHTTP status for WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code to a useful message for callers.
Edward Thomson 4e4a1460 2016-12-30T12:13:34 WinHTTP: support best auth mechanism For username/password credentials, support NTLM or Basic (in that order of priority). Use the WinHTTP built-in authentication support for both, and maintain a bitfield of the supported mechanisms from the response.
Carlos Martín Nieto a6d833a2 2017-01-13T17:05:58 Merge pull request #4049 from libgit2/ethomson/error_msgs giterr_set: consistent error messages
Edward Thomson 6850b516 2017-01-06T17:12:16 Merge branch '25_smartpktparse' into maint/v0.25
Patrick Steinhardt 2fdef641 2016-11-15T11:44:51 smart_pkt: treat empty packet lines as error The Git protocol does not specify what should happen in the case of an empty packet line (that is a packet line "0004"). We currently indicate success, but do not return a packet in the case where we hit an empty line. The smart protocol was not prepared to handle such packets in all cases, though, resulting in a `NULL` pointer dereference. Fix the issue by returning an error instead. As such kind of packets is not even specified by upstream, this is the right thing to do.
Patrick Steinhardt 66e3774d 2016-11-15T11:36:27 smart_pkt: verify packet length exceeds PKT_LEN_SIZE Each packet line in the Git protocol is prefixed by a four-byte length of how much data will follow, which we parse in `git_pkt_parse_line`. The transmitted length can either be equal to zero in case of a flush packet or has to be at least of length four, as it also includes the encoded length itself. Not checking this may result in a buffer overflow as we directly pass the length to functions which accept a `size_t` length as parameter. Fix the issue by verifying that non-flush packets have at least a length of `PKT_LEN_SIZE`.
Etienne Samson 9a64e62f 2016-12-21T21:24:33 http: check certificate validity before clobbering the error variable
Edward Thomson 909d5494 2016-12-29T12:25:15 giterr_set: consistent error messages Error messages should be sentence fragments, and therefore: 1. Should not begin with a capital letter, 2. Should not conclude with punctuation, and 3. Should not end a sentence and begin a new one
Carlos Martín Nieto fafafb1f 2016-12-20T16:19:30 http: bump the pretend git version in the User-Agent We want to keep the git UA in order for services to recognise that we're a Git client and not a browser. But in order to stop dumb HTTP some services have blocked UAs that claim to be pre-1.6.6 git. Thread these needles by using the "git/2.0" prefix which is still close enough to git's yet distinct enough that you can tell it's us.
Patrick Steinhardt 34b32053 2016-11-25T15:02:34 Fix potential use of uninitialized values
Patrick Steinhardt 482d1748 2016-11-25T15:01:35 transports: smart: do not redeclare loop counters
Patrick Steinhardt 62494bf2 2016-11-02T09:38:40 transports: smart: abort receiving packets on end of stream When trying to receive packets from the remote, we loop until either an error distinct to `GIT_EBUFS` occurs or until we successfully parsed the packet. This does not honor the case where we are looping over an already closed socket which has no more data, leaving us in an infinite loop if we got a bogus packet size or if the remote hung up. Fix the issue by returning `GIT_EEOF` when we cannot read data from the socket anymore.
Patrick Steinhardt 61530c49 2016-11-01T16:56:07 transports: smart: abort ref announcement on early end of stream When reading a server's reference announcements via the smart protocol, we expect the server to send multiple flushes before the protocol is finished. If we fail to receive new data from the socket, we will only return an end of stream error if we have not seen any flush yet. This logic is flawed in that we may run into an infinite loop when receiving a server's reference announcement with a bogus flush packet. E.g. assume the last flushing package is changed to not be '0000' but instead any other value. In this case, we will still await one more flush package and ignore the fact that we are not receiving any data from the socket, causing an infinite loop. Fix the issue by always returning `GIT_EEOF` if the socket indicates an end of stream.
Patrick Steinhardt b1453601 2016-08-17T11:38:26 transports: http: reset `connected` flag when closing transport
Patrick Steinhardt c4cba4e9 2016-08-17T11:00:05 transports: http: reset `connected` flag when re-connecting transport When calling `http_connect` on a subtransport whose stream is already connected, we first close the stream in case no keep-alive is in use. When doing so, we do not reset the transport's connection state, though. Usually, this will do no harm in case the subsequent connect will succeed. But when the connection fails we are left with a subtransport which is tagged as connected but which has no valid stream attached. Fix the issue by resetting the subtransport's connected-state when closing its stream in `http_connect`.
wildart bdec62dc 2016-07-06T13:06:25 remove conditions that prevent use of custom TLS stream
David Brooks 6c9eb86f 2016-06-19T11:46:43 HTTP authentication scheme name is case insensitive.
Edward Thomson 2a09de91 2016-06-14T04:33:55 Merge pull request #3816 from pks-t/pks/memory-leaks Memory leak fixes
Patrick Steinhardt 43c55111 2016-06-07T14:14:07 winhttp: plug several memory leaks
Patrick Steinhardt 7d02019a 2016-06-06T12:59:17 transports: smart: fix potential invalid memory dereferences When we receive a packet of exactly four bytes encoding its length as those four bytes it can be treated as an empty line. While it is not really specified how those empty lines should be treated, we currently ignore them and do not return an error when trying to parse it but simply advance the data pointer. Callers invoking `git_pkt_parse_line` are currently not prepared to handle this case as they do not explicitly check this case. While they could always reset the passed out-pointer to `NULL` before calling `git_pkt_parse_line` and determine if the pointer has been set afterwards, it makes more sense to update `git_pkt_parse_line` to set the out-pointer to `NULL` itself when it encounters such an empty packet. Like this it is guaranteed that there will be no invalid memory references to free'd pointers. As such, the issue has been fixed such that `git_pkt_parse_line` always sets the packet out pointer to `NULL` when an empty packet has been received and callers check for this condition, skipping such packets.
Edward Thomson 375bb2fe 2016-04-21T11:02:31 transport: cast away constness for free
Carlos Martín Nieto 0d72f67f 2016-03-14T17:36:04 proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
Carlos Martín Nieto bf6f7ad2 2015-09-30T17:42:53 winhttp: correctly detect HTTPS usage
Carlos Martín Nieto b373e9a6 2015-09-21T22:38:50 net: use proxy options struct in the stream config
Carlos Martín Nieto 22e6aa0d 2015-09-23T04:39:05 proxy: don't require the trailing slash on WinHTTP The path is not something that you use for proxies, so make use of the new optionality of the path when extracting URL parts.
Carlos Martín Nieto b117721d 2015-07-29T21:23:56 proxy: use poxy to test our Windows proxy support
Carlos Martín Nieto 07bd3e57 2015-05-07T12:57:56 proxy: ask the user for credentials if necessary
Carlos Martín Nieto d4763c98 2016-03-24T06:56:25 Merge pull request #3574 from chescock/buffer-sideband-pack-data Buffer sideband packet data
Chris Hescock 9028a8a2 2016-03-08T10:16:37 Only buffer if necessary.
Edward Thomson b7809b84 2016-03-08T13:38:55 Merge pull request #3555 from cbargren/ssh-git-protocols Support for ssh+git and git+ssh protocols
Carlos Martín Nieto 22f3d3aa 2016-03-03T22:26:31 ssh: initialize libssh2 We should have been doing this, but it initializes itself upon first use, which works as long as nobody's doing concurrent network operations. Initialize it on our init to make sure it's not getting initialized concurrently.
Carlos Martín Nieto a4cba9d4 2016-03-03T10:48:24 winhttp: retry authentication If the caller has provided bad authentication, give them another opportunity to get it right until they give up. This brings WinHTTP in line with the other transports.
Patrick Steinhardt 003c5e46 2016-02-22T15:52:49 transports: smart_pkt: fix memory leaks on error paths
Patrick Steinhardt 6e2a3755 2016-02-23T11:45:43 smart_pkt: check buffer with GITERR_CHECK_ALLOC_BUF
Patrick Steinhardt b0f7512f 2016-02-15T11:46:10 transports: smart_pkt: fix memory leaks
Patrick Steinhardt 704554cd 2016-02-15T11:37:48 transports: smart: fix memory leak on OOM path
Edward Thomson 9ce0399c 2016-02-12T10:27:05 winhttp: use an unsigned iterator
Edward Thomson 5c7f2f01 2016-01-19T11:13:23 winhttp: name mangle class / iid on mingw Standard Windows type systems define CLSID_InternetSecurityManager and IID_IInternetSecurityManager, but MinGW lacks these definitions. As a result, we must hardcode these definitions ourselves. However, we should not use a public struct with those names, lest another library do the same thing and consumers cannot link to both.
Chris Hescock a7d9d93d 2016-01-11T17:09:32 Buffer sideband packet data The inner packet may be split across multiple sideband packets.
Chris Bargren 4df17045 2015-12-28T07:43:24 Removing #define for SSH_PREFIX_COUNT and using ARRAY_SIZE instead Also moving var declarations to top of blocks to support bad old compilers
Michał Górny 02fdc2db 2015-12-26T17:17:05 ssh_stream_read(): fix possible *bytes_read < 0 branch Fix the possibility of returning successfully from ssh_stream_read() with *bytes_read < 0. This would occur if stdout channel read resulted in 0, and stderr channel read failed afterwards.
Chris Bargren ed21fd74 2015-12-22T10:38:31 Handle git+ssh:// and ssh+git:// protocols support
Chris Hescock efd9ab56 2015-11-20T11:26:26 Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set.
Carlos Martín Nieto 1411cb9e 2015-10-02T03:57:14 winhttp: use a custom user-agent if the user has set it We also keep the "git/1.0" prefix in order to maintain compatibility with hosters.
Carlos Martín Nieto 94bac76c 2015-10-02T03:46:34 http: use a custom user-agent if the user has set it We still prefix it with "git/1.0" since that's required in many situations, but we replace the area which mentions libgit2.
Carlos Martín Nieto e0be1d60 2015-10-30T18:23:17 git: put NULL check at the top
Carlos Martín Nieto 45d295e0 2015-10-30T17:51:50 git: accept NULL as argument to its stream free
Carlos Martín Nieto 72b7c570 2015-09-30T09:17:18 Merge pull request #3411 from spraints/custom-push-headers Include custom HTTP headers
Matt Burke d7375662 2015-09-25T10:16:16 Copy custom_headers instead of referencing the caller's copy
Matt Burke d16c1b97 2015-09-24T10:30:37 These can be static
Matt Burke e60db3c7 2015-09-24T09:24:10 Revise custom header error messages If the header doesn't look like a header (e.g. if it doesn't have a ":" or if it has newlines), report "custom HTTP header '%s' is malformed". If the header has the same name as a header already set by libgit2 (e.g. "Host"), report "HTTP header '%s' is already set by libgit2".
Matt Burke 63cc5723 2015-09-24T09:13:05 Don't null-check
Matt Burke 098f1e6e 2015-09-24T09:09:48 Use an array of forbidden custom headers
Matt Burke 3245896b 2015-09-10T13:18:26 Add a test for custom header validation Also, *some* custom headers actually are valid.
Matt Burke 66d90e70 2015-09-10T09:14:20 More specific names
Matt Burke 8c876fa9 2015-09-10T09:11:16 Validate custom http headers
Matt Burke 35969c68 2015-09-10T08:58:23 Ignore NULL headers
Carlos Martín Nieto 6c21211c 2015-09-09T13:59:38 Merge pull request #3379 from theseion/additional_libssh2_error_reporting report libssh2 error if list of authentication methods can't be retrieved
Matt Burke c82c2ba6 2015-09-08T14:17:59 o i
Matt Burke 80ee2543 2015-09-08T13:38:22 Teach winhttp about the extra headers
Matt Burke 276f6aa0 2015-09-08T14:00:37 Hook up the custom_headers to the http transport
Matt Burke 24f5b4e1 2015-09-08T13:34:42 Drop extra_http_headers from git_remote
Matt Burke 59d6128e 2015-09-04T09:36:50 Allow the world to set HTTP headers for remotes
Matt Burke ac9b5127 2015-09-04T09:20:45 Pull extra_http_headers from the git_remote
Matt Burke 6af6e690 2015-09-04T09:18:32 Put the extra headers on the connection_data instead
Matt Burke c3733e56 2015-09-04T08:56:26 Add more headers to HTTP requests
Carlos Martín Nieto 19475924 2015-08-25T00:39:58 Merge pull request #3355 from palmin/palmin/fix-2830 Include the 4 characters not recognised as hex-number in parse_len
Carlos Martín Nieto 57af0b92 2015-08-19T00:46:28 cred: add a free function wrapper
Carlos Martín Nieto 47ed7e5a 2015-08-18T20:55:59 transport: provide a way to get the callbacks libgit2 implementations of smart subtransports can simply reach through the structure, but external implementors cannot. Add these two functions as a way for the smart subtransports to get the callbacks as set by the user.
Anders Borum 2d1d2bb5 2015-08-05T18:50:25 Include the 4 characters not recognised as hex-number when setting error in parse_len
Edward Thomson 252f86e1 2015-08-15T13:46:32 Merge pull request #3377 from dleehr/fix-push-cb Fix bug in git_smart__push: push_transfer_progress cb is only called at end
Carlos Martín Nieto 11bca2d2 2015-08-15T18:15:23 http: propagate the credentials callback's error code When we ask for credentials, the user may choose to return EUSER to indicate that an error has happened on its end and it wants to be given back control. We must therefore pass that back to the user instead of mentioning that it was on_headers_complete() that returned an error code. Since we can, we return the exact error code from the user (other than PASSTHROUGH) since it doesn't cost anything, though using other error codes isn't recommended.
Max Leske 241414ee 2015-08-14T15:42:59 added a single line of additional error reporting from libssh2 when failing to retrieve the list of authentication methods
Dan Leehr b0b2c722 2015-08-13T22:52:52 Fix bug in git_smart__push: push_transfer_progress cb is never called The conditional checked cbs->transfer_progress then used the value in cbs->push_transfer_progress. In both cases it should be push_transfer_progress
Simon ac728c24 2015-08-03T07:38:07 Handle ssh:// and git:// urls containing a '~' character. For such a path '/~/...' the leading '/' is stripped so the server will get a path starting with '~' and correctly handle it.
Anders Borum 31a76374 2015-07-29T22:23:00 case-insensitive check for WWW-Authenticate header Fixes issue #3338
Carlos Martín Nieto f861abad 2015-07-12T19:56:19 Merge branch 'portable-zu'
Matthew Plough 768f8be3 2015-06-30T19:00:41 Fix #3094 - improve use of portable size_t/ssize_t format specifiers. The header src/cc-compat.h defines portable format specifiers PRIuZ, PRIdZ, and PRIxZ. The original report highlighted the need to use these specifiers in examples/network/fetch.c. For this commit, I checked all C source and header files not in deps/ and transitioned to the appropriate format specifier where appropriate.
Edward Thomson 79698030 2015-06-29T22:51:18 git_cert: child types use proper base type
Carlos Martín Nieto 2f60073d 2015-06-30T21:40:20 Merge pull request #3273 from ethomson/warnings3 More warnings
Pierre-Olivier Latour 1630981e 2015-06-30T09:03:23 http: fixed leak when asking for credentials again t->cred might have been allocated the previous time and needs to be freed before asking caller for credentials again.
Edward Thomson 0305721c 2015-06-30T14:23:41 winhttp: remove unused var
Carlos Martín Nieto 8b380060 2015-06-29T21:12:44 http: don't give up on auth on the first try When the server rejects an authentication request, ask the caller for the credentials again, instead of giving up on the first try.
Carlos Martín Nieto 8443f492 2015-06-11T16:57:04 curl: remove the encrypted param to the constructor We do not want libcurl to perform the TLS negotiation for us, so we don't need to pass this option.
Carlos Martín Nieto f97d5d09 2015-06-11T16:54:48 http: ask for the curl stream for non-encrypted connections The TLS streams talk over the curl stream themselves, so we don't need to ask for it explicitly. Do so in the case of the non-encrypted one so we can still make use of proxies in that case.
Carlos Martín Nieto 8762d721 2015-06-07T14:51:10 http: set the proxy if the stream supports it Of the built-in ones, only cURL supports it, but there's no reason a user-provided stream wouldn't support it.
Carlos Martín Nieto 8dea1c21 2015-06-05T11:02:11 Implement a curl stream cURL has a mode in which it acts a lot like our streams, providing send and recv functions and taking care of the TLS and proxy setup for us. Implement a new stream which uses libcurl instead of raw sockets or the TLS libraries directly. This version does not support reporting certificates or proxies yet.
Edward Thomson a166466c 2015-06-09T17:06:28 Merge pull request #3198 from libgit2/cmn/coverity A few fixes from Coverity
Carlos Martín Nieto 81be2f46 2015-06-09T16:01:29 ssh: move NULL check to the free function Let `ssh_stream_free()` take a NULL stream, as free functions should, and remove the check from the connection setup. The connection setup would not need the check anyhow, as we always have a stream by the time we reach this code.
Carlos Martín Nieto fdb82dcd 2015-06-07T15:10:13 Merge pull request #3175 from git-up/build_warnings Fixed build warnings on Xcode 6.1
Pierre-Olivier Latour 9f3c18e2 2015-06-02T08:36:15 Fixed build warnings on Xcode 6.1
Marius Ungureanu d71e3b25 2015-06-02T10:23:54 Change error when running out of ssh agent keys
Michał Górny 2629fc87 2015-05-24T22:33:55 cred: Check for null values when getting key from memory The public key field is optional and as such can take NULL. Account for that and do not call strlen() on NULL values. Also assert() for non-NULL values of username & private key.
Michał Górny f7142b5e 2015-05-24T18:38:47 cred: Declare GIT_CREDTYPE_SSH_MEMORY unconditionally Declare GIT_CREDTYPE_SSH_MEMORY to have consistent API independently of whether libgit2 was built with or without in-memory key passing support. Or rather, to have it at all since build-time definitions are not stored in headers.
David Calavera 08e6b875 2015-03-19T14:57:15 Return an error when ssh memory credentials are not supported. To not modify the external api.
David Calavera 7a8b8503 2015-03-17T09:19:15 Add support to read ssh keys from memory.
Carlos Martín Nieto 1396c381 2015-05-18T16:04:55 errors: add GIT_EEOF to indicate early EOF This can be used by tools to show messages about failing to communicate with the server. The error message in this case will often contain the server's error message, as far as it managed to send anything.
Carlos Martín Nieto e3435673 2015-05-18T15:51:55 ssh: read from stderr if stdout is empty When we fail to read from stdout, it's typically because the URL was wrong and the server process has sent some output over its stderr output. Read that output and set the error message to whatever we read from it.
Marius Ungureanu 7e9a240e 2015-05-14T21:33:55 Make "Early EOF" message start with lowercase
Carlos Martín Nieto 542a7de0 2015-05-14T17:26:09 local: plug a leak in the progress reporting