Fossil SCM
Move the X-Fossil-Xfer-Login header check to the correct end of the connection. It is receiving these from libfossil tests but is failing to validate them, but that may well be a bug in that brand new downstream code.
Commit
b49c9b3685e392a20bcd75dfffd46622707c34b955bb9c2d44245ff704e142f5
Parent
a4c5a2a9618bf45…
3 files changed
+3
+2
-4
+2
+3
| --- src/cgi.c | ||
| +++ src/cgi.c | ||
| @@ -2221,10 +2221,13 @@ | ||
| 2221 | 2221 | int x2 = 0; |
| 2222 | 2222 | if( sscanf(zVal,"bytes=%d-%d",&x1,&x2)==2 && x1>=0 && x1<=x2 ){ |
| 2223 | 2223 | rangeStart = x1; |
| 2224 | 2224 | rangeEnd = x2+1; |
| 2225 | 2225 | } |
| 2226 | + }else if( fossil_strcmp(zFieldName, "x-fossil-xfer-login:")==0 ){ | |
| 2227 | + g.zLoginCard = fossil_strdup(zVal); | |
| 2228 | + /*fprintf(stderr, "X-Fossil-Xfer-Login: %s\n", g.zLoginCard);*/ | |
| 2226 | 2229 | } |
| 2227 | 2230 | } |
| 2228 | 2231 | cgi_setenv("REQUEST_SCHEME",zScheme); |
| 2229 | 2232 | cgi_init(); |
| 2230 | 2233 | cgi_trace(0); |
| 2231 | 2234 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -2221,10 +2221,13 @@ | |
| 2221 | int x2 = 0; |
| 2222 | if( sscanf(zVal,"bytes=%d-%d",&x1,&x2)==2 && x1>=0 && x1<=x2 ){ |
| 2223 | rangeStart = x1; |
| 2224 | rangeEnd = x2+1; |
| 2225 | } |
| 2226 | } |
| 2227 | } |
| 2228 | cgi_setenv("REQUEST_SCHEME",zScheme); |
| 2229 | cgi_init(); |
| 2230 | cgi_trace(0); |
| 2231 |
| --- src/cgi.c | |
| +++ src/cgi.c | |
| @@ -2221,10 +2221,13 @@ | |
| 2221 | int x2 = 0; |
| 2222 | if( sscanf(zVal,"bytes=%d-%d",&x1,&x2)==2 && x1>=0 && x1<=x2 ){ |
| 2223 | rangeStart = x1; |
| 2224 | rangeEnd = x2+1; |
| 2225 | } |
| 2226 | }else if( fossil_strcmp(zFieldName, "x-fossil-xfer-login:")==0 ){ |
| 2227 | g.zLoginCard = fossil_strdup(zVal); |
| 2228 | /*fprintf(stderr, "X-Fossil-Xfer-Login: %s\n", g.zLoginCard);*/ |
| 2229 | } |
| 2230 | } |
| 2231 | cgi_setenv("REQUEST_SCHEME",zScheme); |
| 2232 | cgi_init(); |
| 2233 | cgi_trace(0); |
| 2234 |
+2
-4
| --- src/http.c | ||
| +++ src/http.c | ||
| @@ -68,14 +68,14 @@ | ||
| 68 | 68 | Blob pw; /* The nonce with user password appended */ |
| 69 | 69 | Blob sig; /* The signature field */ |
| 70 | 70 | |
| 71 | 71 | blob_zero(pLogin); |
| 72 | 72 | if( g.url.user==0 || fossil_strcmp(g.url.user, "anonymous")==0 ){ |
| 73 | - return; /* If no login card for users "nobody" and "anonymous" */ | |
| 73 | + return; /* No login card for users "nobody" and "anonymous" */ | |
| 74 | 74 | } |
| 75 | 75 | if( g.url.isSsh ){ |
| 76 | - return; /* If no login card for SSH: */ | |
| 76 | + return; /* No login card for SSH: */ | |
| 77 | 77 | } |
| 78 | 78 | blob_zero(&nonce); |
| 79 | 79 | blob_zero(&pw); |
| 80 | 80 | sha1sum_blob(pPayload, &nonce); |
| 81 | 81 | blob_copy(&pw, &nonce); |
| @@ -635,12 +635,10 @@ | ||
| 635 | 635 | if( mHttpFlags & HTTP_NOCOMPRESS ) isCompressed = 0; |
| 636 | 636 | }else if( fossil_strnicmp(&zLine[14], "application/x-fossil", -1)!=0 ){ |
| 637 | 637 | isError = 1; |
| 638 | 638 | } |
| 639 | 639 | } |
| 640 | - }else if( fossil_strnicmp(zLine, "x-fossil-xfer-login: ", 21)==0 ){ | |
| 641 | - g.zLoginCard = fossil_strdup(&zLine[21]); | |
| 642 | 640 | } |
| 643 | 641 | } |
| 644 | 642 | if( iHttpVersion<0 ){ |
| 645 | 643 | /* We got nothing back from the server. If using the ssh: protocol, |
| 646 | 644 | ** this might mean we need to add or remove the PATH=... argument |
| 647 | 645 |
| --- src/http.c | |
| +++ src/http.c | |
| @@ -68,14 +68,14 @@ | |
| 68 | Blob pw; /* The nonce with user password appended */ |
| 69 | Blob sig; /* The signature field */ |
| 70 | |
| 71 | blob_zero(pLogin); |
| 72 | if( g.url.user==0 || fossil_strcmp(g.url.user, "anonymous")==0 ){ |
| 73 | return; /* If no login card for users "nobody" and "anonymous" */ |
| 74 | } |
| 75 | if( g.url.isSsh ){ |
| 76 | return; /* If no login card for SSH: */ |
| 77 | } |
| 78 | blob_zero(&nonce); |
| 79 | blob_zero(&pw); |
| 80 | sha1sum_blob(pPayload, &nonce); |
| 81 | blob_copy(&pw, &nonce); |
| @@ -635,12 +635,10 @@ | |
| 635 | if( mHttpFlags & HTTP_NOCOMPRESS ) isCompressed = 0; |
| 636 | }else if( fossil_strnicmp(&zLine[14], "application/x-fossil", -1)!=0 ){ |
| 637 | isError = 1; |
| 638 | } |
| 639 | } |
| 640 | }else if( fossil_strnicmp(zLine, "x-fossil-xfer-login: ", 21)==0 ){ |
| 641 | g.zLoginCard = fossil_strdup(&zLine[21]); |
| 642 | } |
| 643 | } |
| 644 | if( iHttpVersion<0 ){ |
| 645 | /* We got nothing back from the server. If using the ssh: protocol, |
| 646 | ** this might mean we need to add or remove the PATH=... argument |
| 647 |
| --- src/http.c | |
| +++ src/http.c | |
| @@ -68,14 +68,14 @@ | |
| 68 | Blob pw; /* The nonce with user password appended */ |
| 69 | Blob sig; /* The signature field */ |
| 70 | |
| 71 | blob_zero(pLogin); |
| 72 | if( g.url.user==0 || fossil_strcmp(g.url.user, "anonymous")==0 ){ |
| 73 | return; /* No login card for users "nobody" and "anonymous" */ |
| 74 | } |
| 75 | if( g.url.isSsh ){ |
| 76 | return; /* No login card for SSH: */ |
| 77 | } |
| 78 | blob_zero(&nonce); |
| 79 | blob_zero(&pw); |
| 80 | sha1sum_blob(pPayload, &nonce); |
| 81 | blob_copy(&pw, &nonce); |
| @@ -635,12 +635,10 @@ | |
| 635 | if( mHttpFlags & HTTP_NOCOMPRESS ) isCompressed = 0; |
| 636 | }else if( fossil_strnicmp(&zLine[14], "application/x-fossil", -1)!=0 ){ |
| 637 | isError = 1; |
| 638 | } |
| 639 | } |
| 640 | } |
| 641 | } |
| 642 | if( iHttpVersion<0 ){ |
| 643 | /* We got nothing back from the server. If using the ssh: protocol, |
| 644 | ** this might mean we need to add or remove the PATH=... argument |
| 645 |
+2
| --- src/xfer.c | ||
| +++ src/xfer.c | ||
| @@ -1323,10 +1323,12 @@ | ||
| 1323 | 1323 | blob_init(&xfer.line, g.zLoginCard, -1); |
| 1324 | 1324 | xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken, |
| 1325 | 1325 | count(xfer.aToken)); |
| 1326 | 1326 | if( xfer.nToken==4 |
| 1327 | 1327 | && blob_eq(&xfer.aToken[0], "login") ){ |
| 1328 | + /*fprintf(stderr,"g.zLoginCard=%s nToken=%d\n", g.zLoginCard, | |
| 1329 | + xfer.nToken);*/ | |
| 1328 | 1330 | goto handle_login_card; |
| 1329 | 1331 | } |
| 1330 | 1332 | fossil_free( g.zLoginCard ); |
| 1331 | 1333 | g.zLoginCard = 0; |
| 1332 | 1334 | } |
| 1333 | 1335 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -1323,10 +1323,12 @@ | |
| 1323 | blob_init(&xfer.line, g.zLoginCard, -1); |
| 1324 | xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken, |
| 1325 | count(xfer.aToken)); |
| 1326 | if( xfer.nToken==4 |
| 1327 | && blob_eq(&xfer.aToken[0], "login") ){ |
| 1328 | goto handle_login_card; |
| 1329 | } |
| 1330 | fossil_free( g.zLoginCard ); |
| 1331 | g.zLoginCard = 0; |
| 1332 | } |
| 1333 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -1323,10 +1323,12 @@ | |
| 1323 | blob_init(&xfer.line, g.zLoginCard, -1); |
| 1324 | xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken, |
| 1325 | count(xfer.aToken)); |
| 1326 | if( xfer.nToken==4 |
| 1327 | && blob_eq(&xfer.aToken[0], "login") ){ |
| 1328 | /*fprintf(stderr,"g.zLoginCard=%s nToken=%d\n", g.zLoginCard, |
| 1329 | xfer.nToken);*/ |
| 1330 | goto handle_login_card; |
| 1331 | } |
| 1332 | fossil_free( g.zLoginCard ); |
| 1333 | g.zLoginCard = 0; |
| 1334 | } |
| 1335 |