http: limit redirection depth
By default, libcurl will follow circular http redirects forever. Let's put a cap on this so that somebody who can trigger an automated fetch of an arbitrary repository (e.g., for CI) cannot convince git to loop infinitely. The value chosen is 20, which is the same default that Firefox uses. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
parent
f4113cac0c
commit
b258116462
1
http.c
1
http.c
@ -352,6 +352,7 @@ static CURL *get_curl_handle(void)
|
||||
}
|
||||
|
||||
curl_easy_setopt(result, CURLOPT_FOLLOWLOCATION, 1);
|
||||
curl_easy_setopt(result, CURLOPT_MAXREDIRS, 20);
|
||||
#if LIBCURL_VERSION_NUM >= 0x071301
|
||||
curl_easy_setopt(result, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL);
|
||||
#elif LIBCURL_VERSION_NUM >= 0x071101
|
||||
|
@ -121,6 +121,9 @@ RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
|
||||
RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
|
||||
RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
|
||||
|
||||
RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
|
||||
RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
|
||||
|
||||
<IfDefine SSL>
|
||||
LoadModule ssl_module modules/mod_ssl.so
|
||||
|
||||
|
@ -25,5 +25,9 @@ test_expect_success 'curl redirects respect whitelist' '
|
||||
}
|
||||
'
|
||||
|
||||
test_expect_success 'curl limits redirects' '
|
||||
test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git"
|
||||
'
|
||||
|
||||
stop_httpd
|
||||
test_done
|
||||
|
Loading…
Reference in New Issue
Block a user