Commit 7a5682f5 by Carlos Martín Nieto

http: enforce the credential types

The user may decide to return any type of credential, including ones we
did not say we support. Add a check to make sure the user returned an
object of the right type and error out if not.
parent f008aeb8
...@@ -350,6 +350,11 @@ static int on_headers_complete(http_parser *parser) ...@@ -350,6 +350,11 @@ static int on_headers_complete(http_parser *parser)
} else { } else {
assert(t->cred); assert(t->cred);
if (!(t->cred->credtype & allowed_auth_types)) {
giterr_set(GITERR_NET, "credentials callback returned an invalid cred type");
return t->parse_error = PARSE_ERROR_GENERIC;
}
/* Successfully acquired a credential. */ /* Successfully acquired a credential. */
t->parse_error = PARSE_ERROR_REPLAY; t->parse_error = PARSE_ERROR_REPLAY;
return 0; return 0;
......
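Review bot: The new check at `if (!(t->cred->credtype & allowed_auth_types))` dereferences t->cred guarded only by `assert(t->cred);`, which is compiled out when NDEBUG is defined, so a callback that reports success without setting a credential would reach `t->cred->credtype` through a NULL pointer. Since the point of this change is not to trust what the callback hands back, an explicit NULL test that fails with the same GITERR_NET error path would be more consistent than the assert. Two smaller points on the same lines: the rejected credential is still held in t->cred when returning PARSE_ERROR_GENERIC, so if nothing outside this hunk releases it, free and clear it before returning; and `credtype & allowed_auth_types` accepts any overlap, so a credtype value with more than one bit set passes as long as one of them is allowed, which deserves a comment stating that credtype is expected to be a single flag.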