diff options
author | Carlos Martín Nieto <cmn@dwim.me> | 2015-03-03 17:23:01 +0100 |
---|---|---|
committer | Carlos Martín Nieto <cmn@dwim.me> | 2015-03-21 21:12:10 +0100 |
commit | 7a5682f5936b60df71cc482cb32742d4aacacae4 (patch) | |
tree | 3f33cfd228d68a8a2219799bdfe5dd33f6e9c17b | |
parent | f008aeb8a9370b9be492f1f4f327a7216ba21bc0 (diff) | |
download | libgit2-7a5682f5936b60df71cc482cb32742d4aacacae4.tar.gz |
http: enforce the credential types
The user may decide to return any type of credential, including ones we
did not say we support. Add a check to make sure the user returned an
object of the right type and error out if not.
-rw-r--r-- | src/transports/http.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/transports/http.c b/src/transports/http.c index 807e08044..0907afa6d 100644 --- a/src/transports/http.c +++ b/src/transports/http.c @@ -350,6 +350,11 @@ static int on_headers_complete(http_parser *parser) } else { assert(t->cred); + if (!(t->cred->credtype & allowed_auth_types)) { + giterr_set(GITERR_NET, "credentials callback returned an invalid cred type"); + return t->parse_error = PARSE_ERROR_GENERIC; + } + /* Successfully acquired a credential. */ t->parse_error = PARSE_ERROR_REPLAY; return 0; |