Merge branch 'jk/forbid-lf-in-git-url' into maint

Newline characters in the host and path part of git:// URL are
now forbidden.

* jk/forbid-lf-in-git-url:
  fsck: reject .gitmodules git:// urls with newlines
  git_connect_git(): forbid newlines in host and path

connect.c

@@ -1160,6 +1160,8 @@ static struct child_process *git_connect_git(int fd[2], char *hostandport,
 		target_host = xstrdup(hostandport);
 
 	transport_check_allowed("git");
+	if (strchr(target_host, '\n') || strchr(path, '\n'))
+		die(_("newline is forbidden in git:// hosts and repo paths"));
 
 	/*
 	 * These underlying connection commands die() if they

fsck.c

@@ -1082,7 +1082,7 @@ static int check_submodule_url(const char *url)
 	if (looks_like_command_line_option(url))
 		return -1;
 
-	if (submodule_url_is_relative(url)) {
+	if (submodule_url_is_relative(url) || starts_with(url, "git://")) {
 		char *decoded;
 		const char *next;
 		int has_nl;

t/t5570-git-daemon.sh

@@ -103,6 +103,11 @@ test_expect_success 'fetch notices corrupt idx' '
 	)
 '
 
+test_expect_success 'client refuses to ask for repo with newline' '
+	test_must_fail git clone "$GIT_DAEMON_URL/repo$LF.git" dst 2>stderr &&
+	test_i18ngrep newline.is.forbidden stderr
+'
+
 test_remote_error()
 {
 	do_export=YesPlease

t/t7416-submodule-dash-url.sh

@@ -201,4 +201,19 @@ test_expect_success 'fsck rejects embedded newline in relative url' '
 	grep gitmodulesUrl err
 '
 
+test_expect_success 'fsck rejects embedded newline in git url' '
+	git checkout --orphan git-newline &&
+	cat >.gitmodules <<-\EOF &&
+	[submodule "foo"]
+	url = "git://example.com:1234/repo%0a.git"
+	EOF
+	git add .gitmodules &&
+	git commit -m "git url with newline" &&
+	test_when_finished "rm -rf dst" &&
+	git init --bare dst &&
+	git -C dst config transfer.fsckObjects true &&
+	test_must_fail git push dst HEAD 2>err &&
+	grep gitmodulesUrl err
+'
+
 test_done