Commit 46fbc88e by Russell Belfer

Prevent HTTPS to HTTP redirect

parent eb0ff130
...@@ -287,6 +287,11 @@ static int set_connection_data_from_url( ...@@ -287,6 +287,11 @@ static int set_connection_data_from_url(
if (!git__prefixcmp(url, prefix_http)) { if (!git__prefixcmp(url, prefix_http)) {
url = url + strlen(prefix_http); url = url + strlen(prefix_http);
default_port = "80"; default_port = "80";
if (t->use_ssl) {
giterr_set(GITERR_NET, "Redirect from HTTPS to HTTP not allowed");
return -1;
}
} }
if (!git__prefixcmp(url, prefix_https)) { if (!git__prefixcmp(url, prefix_https)) {
...@@ -324,7 +329,7 @@ static int set_connection_data_from_url( ...@@ -324,7 +329,7 @@ static int set_connection_data_from_url(
/* Allow '/'-led urls, or a change of protocol */ /* Allow '/'-led urls, or a change of protocol */
if (original_host != NULL) { if (original_host != NULL) {
if (strcmp(original_host, t->host) && t->location[0] != '/') { if (strcmp(original_host, t->host) && t->location[0] != '/') {
giterr_set(GITERR_NET, "Only same-host redirects are supported"); giterr_set(GITERR_NET, "Cross host redirect not allowed");
error = -1; error = -1;
} }
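Review bot: The new `if (t->use_ssl)` guard in the first hunk only works because `t->use_ssl` still holds the value from the original request when the redirect target is parsed, and nothing in the code says so. A comment such as `/* use_ssl is still set from the original request: refuse to downgrade */` would stop a later refactor from resetting the flag earlier and silently disabling the check. The context comment in the second hunk, `/* Allow '/'-led urls, or a change of protocol */`, is now only half true, since a change from HTTPS to HTTP is refused; consider `/* Allow '/'-led urls, or an upgrade from HTTP to HTTPS */`. The guard also exits with `return -1` while the host check sets `error = -1`; the function body starts and ends outside both hunks, so confirm that nothing acquired before this point relies on the common exit path.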