8000 Pass hostkey & port to host verify callback by fxcoudert · Pull Request #6503 · libgit2/libgit2 · GitHub
[go: up one dir, main page]
Skip to content

Pass hostkey & port to host verify callback #6503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Feb 24, 2023
Merged

Pass hostkey & port to host verify callback #6503

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c2bdef6
net: parse urls or scp style paths in the same function
Feb 24, 2023
f68b40c
Pass hostkey & port to host verify callback
fxcoudert Feb 24, 2023
43e84e2
tests: validate host and port for ssh tests when non-standard
Feb 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 18 additions & 14 deletions src/libgit2/transports/ssh.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -651,6 +651,8 @@ static int check_against_known_hosts(
return ret;
}

#define SSH_DEFAULT_PORT 22

/*
* Perform the check for the session's certificate against known hosts if
* possible and then ask the user if they have a callback.
Expand Down Expand Up @@ -748,23 +750,29 @@ static int check_certificate(
if (check_cb != NULL) {
git_cert_hostkey *cert_ptr = &cert;
git_error_state previous_error = {0};
const char *host_ptr = host;
git_str host_and_port = GIT_STR_INIT;

if (port != SSH_DEFAULT_PORT) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_git_ssh_setup_conn sets port to -1 to indicate default but here it is compared to SSH_DEFAULT_PORT that is defined as 22.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does. But git_net_url_parse and friends should enforce that the port is a number, and set them to the default if the port number is omitted. So the port = -1 should never be reached. As a result, I changed the strtol failure to an actual error. Good catch, thanks!

git_str_printf(&host_and_port, "%s:%d", host, port);
host_ptr = host_and_port.ptr;
}
Copy link
Member
@ethomson ethomson Feb 24, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use our git_str class here, and we should avoid the unnecessary strdup in the common case. Something more like:

const char *host_ptr = host;
git_str host_and_port = GIT_STR_INIT;

if (port != SSH_DEFAULT_PORT) {
    git_str_printf(&host_and_port, "%s:%d", host, port);
    host_ptr = host_and_port.ptr;
}

// use host_ptr

git_str_free(&host_and_port);


git_error_state_capture(&previous_error, error);
error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload);
error = check_cb((git_cert *) cert_ptr, cert_valid, host_ptr, check_cb_payload);
if (error == GIT_PASSTHROUGH) {
error = git_error_state_restore(&previous_error);
} else if (error < 0 && !git_error_last()) {
git_error_set(GIT_ERROR_NET, "unknown remote host key");
}

git_error_state_free(&previous_error);
git_str_dispose(&host_and_port);
}

return error;
}

#define SSH_DEFAULT_PORT "22"

static int _git_ssh_setup_conn(
ssh_subtransport *t,
const char *url,
Expand All @@ -788,15 +796,8 @@ static int _git_ssh_setup_conn(
s->session = NULL;
s->channel = NULL;

if (git_net_str_is_url(url))
error = git_net_url_parse(&s->url, url);
else
error = git_net_url_parse_scp(&s->url, url);

if (error < 0)
goto done;

if ((error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
if ((error = git_net_url_parse_standard_or_scp(&s->url, url)) < 0 ||
(error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
(error = git_stream_connect(s->io)) < 0)
goto done;

Expand All @@ -806,8 +807,11 @@ static int _git_ssh_setup_conn(
* as part of the stream connection, but that's not something that's
* exposed.
*/
if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0)
port = -1;
if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0) {
git_error_set(GIT_ERROR_NET, "invalid port to ssh: %s", s->url.port);
error = -1;
goto done;
}

if ((error = _git_ssh_session_create(&session, &known_hosts, s->url.host, port, s->io)) < 0)
goto done;
Expand Down
7 changes: 7 additions & 0 deletions src/util/net.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -646,6 +646,13 @@ int git_net_url_parse_scp(git_net_url *url, const char *given)
return 0;
}

int git_net_url_parse_standard_or_scp(git_net_url *url, const char *given)
{
return git_net_str_is_url(given) ?
git_net_url_parse(url, given) :
git_net_url_parse_scp(url, given);
}

int git_net_url_joinpath(
git_net_url *out,
git_net_url *one,
Expand Down
6 changes: 6 additions & 0 deletions src/util/net.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ extern int git_net_url_parse(git_net_url *url, const char *str);
/** Parses a string containing an SCP style path into a URL structure. */
extern int git_net_url_parse_scp(git_net_url *url, const char *str);

/**
* Parses a string containing a standard URL or an SCP style path into
* a URL structure.
*/
extern int git_net_url_parse_standard_or_scp(git_net_url *url, const char *str);

/** Appends a path and/or query string to the given URL */
extern int git_net_url_joinpath(
git_net_url *out,
Expand Down
12 changes: 11 additions & 1 deletion tests/libgit2/online/clone.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -787,10 +787,19 @@ static int ssh_certificate_check(git_cert *cert, int valid, const char *host, vo
{
git_cert_hostkey *key;
git_oid expected = GIT_OID_SHA1_ZERO, actual = GIT_OID_SHA1_ZERO;
git_str expected_host = GIT_STR_INIT;
git_net_url parsed_url = GIT_NET_URL_INIT;

GIT_UNUSED(valid);
GIT_UNUSED(payload);

cl_git_pass(git_net_url_parse_standard_or_scp(&parsed_url, _remote_url));
cl_git_pass(git_str_printf(&expected_host, "%s%s%s",
parsed_url.host,
git_net_url_is_default_port(&parsed_url) ? "" : ":",
git_net_url_is_default_port(&parsed_url) ? "" : parsed_url.port));
cl_assert_equal_s(expected_host.ptr, host);

cl_assert(_remote_ssh_fingerprint);

cl_git_pass(git_oid__fromstrp(&expected, _remote_ssh_fingerprint, GIT_OID_SHA1));
Expand All @@ -812,7 +821,8 @@ static int ssh_certificate_check(git_cert *cert, int valid, const char *host, vo

cl_assert(!memcmp(&expected, &actual, 20));

cl_assert_equal_s("localhost", host);
git_net_url_dispose(&parsed_url);
git_str_dispose(&expected_host);

return GIT_EUSER;
}
Expand Down
0