Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string

public inbox for git@vger.kernel.org 
 help / color / mirror / Atom feed

From: Ted Zlatanov <tzz@lifelogs•com>
To: git@vger•kernel.org
Subject: Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string
Date: Tue, 03 Sep 2013 11:23:14 -0400	[thread overview]
Message-ID: <87k3iyhqu5.fsf@lifelogs.com> (raw)
In-Reply-To: 20130827200550.GA17443@sigill.intra.peff.net

On Tue, 27 Aug 2013 16:05:51 -0400 Jeff King <peff@peff•net> wrote: 

JK> On Mon, Aug 26, 2013 at 08:56:23PM -0700, Junio C Hamano wrote:
>> Antoine Pelisse <apelisse@gmail•com> writes:
>> 
>> > I've tried to use the netrc credential with git-send-email
>> > (v1.8.4-rc2), and I've had the following log (running with -d -v):
>> 
>> Peff what do you think?  From credential layer's point of view, I
>> think we make it totally up to the helper to decide if a request
>> matches what it supports, and if a particular helper wants to make
>> sure it is asked for a specific protocol, that is an OK thing to do,
>> but it feels unnecessarily unfriendly and treating missing proto
>> specification as a wildcard to talk to the specified host over any
>> protocol may not hurt, I would think.

JK> Right. It is up to the credential helper to map git's request into
JK> whatever storage it has. So I think the right answer is whatever is
JK> normal and expected for netrc.

JK> Unfortunately that is not really a standardized format. The original
JK> netrc was ftp-only, and did not have a port or protocol field at all.
JK> Programs like curl extend it automatically to http, and just googling
JK> around seems to show other programs using it for imap and smtp. So I
JK> think there is some precedence in simply treating a missing "port" field
JK> as "match any port/protocol" on the machine.

JK> The upside is that it is convenient for the user. The downside is that
JK> we might accidentally send a password to a service that the user does
JK> not expect, which could compromise security. It would at least be on the
JK> matching host, but the protocol might not be as secure as the one the
JK> user intended (e.g., smtp without starttls, when the password was meant
JK> to only go over imap-over-ssl).

This gets tricky, certainly.  I'd rather make it convenient because
users will, anyway.

JK> So I'm on the fence. It is very unlikely to be a bad thing, but if it
JK> is, it may expose user passwords in cleartext. If we are going to keep
JK> the current behavior, it probably needs to be documented

I'm OK with treating missing protocols as wildcards.

JK> and certainly:

>> > Use of uninitialized value $_[2] in printf at
>> > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc
>> > line 419.
>> > compare protocol [] to [smtp] (entry: password=secret,
>> > username=apelisse@gmail•com, host=smtp.gmail.com:587)
>> > Use of uninitialized value in string eq at
>> > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc
>> > line 378.

JK> ...these should more cleanly handle the missing field.

Yes, you're right.  Something like the following (untested) could work
and does the wildcards, which I will make into a proper patch and test
if it looks OK to you.

Ted

diff --git a/contrib/credential/netrc/git-credential-netrc b/contrib/credential/netrc/git-credential-netrc
index 6c51c43..13e537b 100755
--- a/contrib/credential/netrc/git-credential-netrc
+++ b/contrib/credential/netrc/git-credential-netrc
@@ -369,7 +369,10 @@ sub find_netrc_entry {
        {
                my $entry_text = join ', ', map { "$_=$entry->{$_}" } keys %$entry;
                foreach my $check (sort keys %$query) {
-                       if (defined $query->{$check}) {
+                       if (!defined $entry->{$check}) {
+                              log_debug("OK: entry has no $check token, so any value satisfies check $check");
+                       }
+                       elsif (defined $query->{$check}) {
                                log_debug("compare %s [%s] to [%s] (entry: %s)",
                                          $check,
                                          $entry->{$check},

next prev parent reply	other threads:[~2013-09-03 15:23 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-24 14:55 contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string Antoine Pelisse
2013-08-27  3:56 ` Junio C Hamano
2013-08-27 20:05   ` Jeff King
2013-09-03 15:23     ` Ted Zlatanov [this message]
2013-09-03 17:35       ` Jeff King
2013-10-08 14:34         ` Ted Zlatanov

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6c51c43 dfblob:13e537b )
 OR (
bs:"Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87k3iyhqu5.fsf@lifelogs.com \
    --to=tzz@lifelogs$(echo .)com \
    --cc=git@vger$(echo .)kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox