authorRick Altherr <kc8apf@kc8apf.net>2018-10-19 10:54:38 -0700
committerRick Altherr <kc8apf@kc8apf.net>2018-11-09 11:54:00 -0800
commit83b351812f3edee077ab9327375994dd2044dd09 (patch)
tree363d57225f230e800caaff350c5e707c3e2c95b9
parent58b60fccc12737a436ec6780dc1598467c8f5d2f (diff)
downloadlibgit2-83b351812f3edee077ab9327375994dd2044dd09.tar.gz
transport/http: Include non-default ports in Host header
When the port is omitted, the server assumes the default port for the service is used (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host). In cases where the client provided a non-default port, it should be passed along. This hasn't been an issue so far as the git protocol doesn't include server-generated URIs. I encountered this when implementing Rust registry support for Sonatype Nexus. Rust's registry uses a git repository for the package index. Clients look at a file in the root of the package index to find the base URL for downloading the packages. Sonatype Nexus looks at the incoming HTTP request (Host header and URL) to determine the client-facing URL base as it may be running behind a load balancer or reverse proxy. This client-facing URL base is then used to construct the package download base URL. When libgit2 fetches the index from Nexus on a non-default port, Nexus trusts the incorrect Host header and generates an incorrect package download base URL.
-rw-r--r--src/transports/http.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/transports/http.c b/src/transports/http.c
index 0942daf3e..51219963c 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -208,7 +208,11 @@ static int gen_request(
git_buf_puts(buf, "User-Agent: ");
git_http__user_agent(buf);
git_buf_puts(buf, "\r\n");
- git_buf_printf(buf, "Host: %s\r\n", t->connection_data.host);
+ git_buf_printf(buf, "Host: %s", t->connection_data.host);
+ if (strcmp(t->connection_data.port, gitno__default_port(&t->connection_data)) != 0) {
+ git_buf_printf(buf, ":%s", t->connection_data.port);
+ }
+ git_buf_puts(buf, "\r\n");
if (s->chunked || content_length > 0) {
git_buf_printf(buf, "Accept: application/x-git-%s-result\r\n", s->service);
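Review bot: The port string is now written verbatim into the `Host` header by `git_buf_printf(buf, ":%s", t->connection_data.port)`, and nothing in this hunk shows that it was restricted to digits when the URL was parsed; because the commit message notes that servers derive client-facing URLs from this header, any CR/LF or other stray characters in the port would land in the request headers unfiltered. If that validation is not already guaranteed where `connection_data` is populated, a digits-only check before this block would close the gap, and either way a comment such as `/* Host carries the port only when it differs from the scheme default (RFC 7230, section 5.4); port is expected to be digits-only from URL parsing */` would record the assumption. The same question applies to `host`: an IPv6 literal would need square brackets now that a `:port` suffix can follow it, and the hunk does not show that being handled. `gen_request` begins and ends outside this hunk, so the parsing side could not be checked from here.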