diff options
-rw-r--r-- | credential.c | 9 | ||||
-rwxr-xr-x | t/t0300-credentials.sh | 36 |
2 files changed, 43 insertions, 2 deletions
diff --git a/credential.c b/credential.c index 21b3ba152f..8aa9777548 100644 --- a/credential.c +++ b/credential.c @@ -388,7 +388,14 @@ int credential_from_url_gently(struct credential *c, const char *url, cp = proto_end + 3; at = strchr(cp, '@'); colon = strchr(cp, ':'); - slash = strchrnul(cp, '/'); + + /* + * A query or fragment marker before the slash ends the host portion. + * We'll just continue to call this "slash" for simplicity. Notably our + * "trim leading slashes" part won't skip over this part of the path, + * but that's what we'd want. + */ + slash = cp + strcspn(cp, "/?#"); if (!at || slash <= at) { /* Case (1) */ diff --git a/t/t0300-credentials.sh b/t/t0300-credentials.sh index 5b78ebbc3f..b6ec676989 100755 --- a/t/t0300-credentials.sh +++ b/t/t0300-credentials.sh @@ -443,11 +443,45 @@ test_expect_success 'url parser ignores embedded newlines' ' username=askpass-username password=askpass-password -- - warning: url contains a newline in its host component: https://one.example.com?%0ahost=two.example.com/ + warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/ warning: skipping credential lookup for url: https://one.example.com?%0ahost=two.example.com/ askpass: Username: askpass: Password: EOF ' +# usage: check_host_and_path <url> <expected-host> <expected-path> +check_host_and_path () { + # we always parse the path component, but we need this to make sure it + # is passed to the helper + test_config credential.useHTTPPath true && + check fill "verbatim user pass" <<-EOF + url=$1 + -- + protocol=https + host=$2 + path=$3 + username=user + password=pass + -- + verbatim: get + verbatim: protocol=https + verbatim: host=$2 + verbatim: path=$3 + EOF +} + +test_expect_success 'url parser handles bare query marker' ' + check_host_and_path https://example.com?foo.git example.com ?foo.git +' + +test_expect_success 'url parser handles bare fragment marker' ' + check_host_and_path https://example.com#foo.git example.com "#foo.git" +' + +test_expect_success 'url parser not confused by encoded markers' ' + check_host_and_path https://example.com%23%3f%2f/foo.git \ + "example.com#?/" foo.git +' + test_done |