aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBrandon Casey <drafnel@gmail.com>2013-06-18 19:43:49 -0700
committerJunio C Hamano <gitster@pobox.com>2013-06-19 10:00:26 -0700
commita94cf2cb7e77c27ce5c3d648e37c1aa75cd5e56e (patch)
treeeabaeaa47f6013fcab6d86985b763a0e2407a588
parent04a74b6cfa5ef4870263f84ac94a488d9f2ef14a (diff)
downloadgit-a94cf2cb7e77c27ce5c3d648e37c1aa75cd5e56e.tar.gz
git-a94cf2cb7e77c27ce5c3d648e37c1aa75cd5e56e.tar.xz
http.c: don't rewrite the user:passwd string multiple times
Curl older than 7.17 (RHEL 4.X provides 7.12 and RHEL 5.X provides 7.15) requires that we manage any strings that we pass to it as pointers. So, we really shouldn't be modifying this strbuf after we have passed it to curl. Our interaction with curl is currently safe (before or after this patch) since the pointer that is passed to curl is never invalidated; it is repeatedly rewritten with the same sequence of characters but the strbuf functions never need to allocate a larger string, so the same memory buffer is reused. This "guarantee" of safety is somewhat subtle and could be overlooked by someone who may want to add a more complex handling of the username and password. So, let's stop modifying this strbuf after we have passed it to curl, but also leave a note to describe the assumptions that have been made about username/password lifetime and to draw attention to the code. Signed-off-by: Brandon Casey <drafnel@gmail.com> Acked-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--http.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/http.c b/http.c
index d9d1aad3b..c02246a78 100644
--- a/http.c
+++ b/http.c
@@ -222,9 +222,15 @@ static void init_curl_http_auth(CURL *result)
#else
{
static struct strbuf up = STRBUF_INIT;
- strbuf_reset(&up);
- strbuf_addf(&up, "%s:%s",
- http_auth.username, http_auth.password);
+ /*
+ * Note that we assume we only ever have a single set of
+ * credentials in a given program run, so we do not have
+ * to worry about updating this buffer, only setting its
+ * initial value.
+ */
+ if (!up.len)
+ strbuf_addf(&up, "%s:%s",
+ http_auth.username, http_auth.password);
curl_easy_setopt(result, CURLOPT_USERPWD, up.buf);
}
#endif