Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string
On Tue, 3 Sep 2013 13:35:44 -0400 Jeff King wrote: JK> On Tue, Sep 03, 2013 at 11:23:14AM -0400, Ted Zlatanov wrote: >> Yes, you're right. Something like the following (untested) could work >> and does the wildcards, which I will make into a proper patch and test >> if it looks OK to you. ... JK> Yeah, that makes sense to me (and is basically what the credential-cache JK> and credential-store helpers do internally). Thanks for working on this. Sorry for the delay, patch posted. Ted -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string
On Tue, Sep 03, 2013 at 11:23:14AM -0400, Ted Zlatanov wrote: > Yes, you're right. Something like the following (untested) could work > and does the wildcards, which I will make into a proper patch and test > if it looks OK to you. > > Ted > > diff --git a/contrib/credential/netrc/git-credential-netrc > b/contrib/credential/netrc/git-credential-netrc > index 6c51c43..13e537b 100755 > --- a/contrib/credential/netrc/git-credential-netrc > +++ b/contrib/credential/netrc/git-credential-netrc > @@ -369,7 +369,10 @@ sub find_netrc_entry { > { > my $entry_text = join ', ', map { "$_=$entry->{$_}" } keys > %$entry; > foreach my $check (sort keys %$query) { > - if (defined $query->{$check}) { > + if (!defined $entry->{$check}) { > + log_debug("OK: entry has no $check token, so > any value satisfies check $check"); > + } > + elsif (defined $query->{$check}) { > log_debug("compare %s [%s] to [%s] (entry: > %s)", > $check, > $entry->{$check}, Yeah, that makes sense to me (and is basically what the credential-cache and credential-store helpers do internally). Thanks for working on this. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string
On Tue, 27 Aug 2013 16:05:51 -0400 Jeff King wrote: JK> On Mon, Aug 26, 2013 at 08:56:23PM -0700, Junio C Hamano wrote: >> Antoine Pelisse writes: >> >> > I've tried to use the netrc credential with git-send-email >> > (v1.8.4-rc2), and I've had the following log (running with -d -v): >> >> Peff what do you think? From credential layer's point of view, I >> think we make it totally up to the helper to decide if a request >> matches what it supports, and if a particular helper wants to make >> sure it is asked for a specific protocol, that is an OK thing to do, >> but it feels unnecessarily unfriendly and treating missing proto >> specification as a wildcard to talk to the specified host over any >> protocol may not hurt, I would think. JK> Right. It is up to the credential helper to map git's request into JK> whatever storage it has. So I think the right answer is whatever is JK> normal and expected for netrc. JK> Unfortunately that is not really a standardized format. The original JK> netrc was ftp-only, and did not have a port or protocol field at all. JK> Programs like curl extend it automatically to http, and just googling JK> around seems to show other programs using it for imap and smtp. So I JK> think there is some precedence in simply treating a missing "port" field JK> as "match any port/protocol" on the machine. JK> The upside is that it is convenient for the user. The downside is that JK> we might accidentally send a password to a service that the user does JK> not expect, which could compromise security. It would at least be on the JK> matching host, but the protocol might not be as secure as the one the JK> user intended (e.g., smtp without starttls, when the password was meant JK> to only go over imap-over-ssl). This gets tricky, certainly. I'd rather make it convenient because users will, anyway. JK> So I'm on the fence. It is very unlikely to be a bad thing, but if it JK> is, it may expose user passwords in cleartext. If we are going to keep JK> the current behavior, it probably needs to be documented I'm OK with treating missing protocols as wildcards. JK> and certainly: >> > Use of uninitialized value $_[2] in printf at >> > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc >> > line 419. >> > compare protocol [] to [smtp] (entry: password=secret, >> > username=apeli...@gmail.com, host=smtp.gmail.com:587) >> > Use of uninitialized value in string eq at >> > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc >> > line 378. JK> ...these should more cleanly handle the missing field. Yes, you're right. Something like the following (untested) could work and does the wildcards, which I will make into a proper patch and test if it looks OK to you. Ted diff --git a/contrib/credential/netrc/git-credential-netrc b/contrib/credential/netrc/git-credential-netrc index 6c51c43..13e537b 100755 --- a/contrib/credential/netrc/git-credential-netrc +++ b/contrib/credential/netrc/git-credential-netrc @@ -369,7 +369,10 @@ sub find_netrc_entry { { my $entry_text = join ', ', map { "$_=$entry->{$_}" } keys %$entry; foreach my $check (sort keys %$query) { - if (defined $query->{$check}) { + if (!defined $entry->{$check}) { + log_debug("OK: entry has no $check token, so any value satisfies check $check"); + } + elsif (defined $query->{$check}) { log_debug("compare %s [%s] to [%s] (entry: %s)", $check, $entry->{$check}, -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string
On Mon, Aug 26, 2013 at 08:56:23PM -0700, Junio C Hamano wrote: > Antoine Pelisse writes: > > > I've tried to use the netrc credential with git-send-email > > (v1.8.4-rc2), and I've had the following log (running with -d -v): > > Peff what do you think? From credential layer's point of view, I > think we make it totally up to the helper to decide if a request > matches what it supports, and if a particular helper wants to make > sure it is asked for a specific protocol, that is an OK thing to do, > but it feels unnecessarily unfriendly and treating missing proto > specification as a wildcard to talk to the specified host over any > protocol may not hurt, I would think. Right. It is up to the credential helper to map git's request into whatever storage it has. So I think the right answer is whatever is normal and expected for netrc. Unfortunately that is not really a standardized format. The original netrc was ftp-only, and did not have a port or protocol field at all. Programs like curl extend it automatically to http, and just googling around seems to show other programs using it for imap and smtp. So I think there is some precedence in simply treating a missing "port" field as "match any port/protocol" on the machine. The upside is that it is convenient for the user. The downside is that we might accidentally send a password to a service that the user does not expect, which could compromise security. It would at least be on the matching host, but the protocol might not be as secure as the one the user intended (e.g., smtp without starttls, when the password was meant to only go over imap-over-ssl). So I'm on the fence. It is very unlikely to be a bad thing, but if it is, it may expose user passwords in cleartext. If we are going to keep the current behavior, it probably needs to be documented, and certainly: > > Use of uninitialized value $_[2] in printf at > > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc > > line 419. > > compare protocol [] to [smtp] (entry: password=secret, > > username=apeli...@gmail.com, host=smtp.gmail.com:587) > > Use of uninitialized value in string eq at > > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc > > line 378. ...these should more cleanly handle the missing field. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string
Antoine Pelisse writes: > I've tried to use the netrc credential with git-send-email > (v1.8.4-rc2), and I've had the following log (running with -d -v): Peff what do you think? From credential layer's point of view, I think we make it totally up to the helper to decide if a request matches what it supports, and if a particular helper wants to make sure it is asked for a specific protocol, that is an OK thing to do, but it feels unnecessarily unfriendly and treating missing proto specification as a wildcard to talk to the specified host over any protocol may not hurt, I would think. > We were given search token protocol and value smtp > We were given search token host and value smtp.gmail.com:587 > We were given search token username and value apeli...@gmail.com > Searching for host = smtp.gmail.com:587 > Searching for password = (any value) > Searching for path = (any value) > Searching for protocol = smtp > Searching for username = apeli...@gmail.com > Using GPG to open /home/antoine/.authinfo.gpg: [gpg --decrypt > /home/antoine/.authinfo.gpg] > > You need a passphrase to unlock the secret key for > user: "Antoine Pelisse " > 2048-bit RSA key, ID DE2A8792, created 2010-12-31 (main key ID A066A853) > > gpg: encrypted with 2048-bit RSA key, ID DE2A8792, created 2010-12-31 > "Antoine Pelisse " > compare host [smtp.gmail.com:587] to [smtp.gmail.com:587] (entry: > password=secret, username=apeli...@gmail.com, host=smtp.gmail.com:587) > OK: any value satisfies check password > OK: any value satisfies check path > Use of uninitialized value $_[2] in printf at > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc > line 419. > compare protocol [] to [smtp] (entry: password=secret, > username=apeli...@gmail.com, host=smtp.gmail.com:587) > Use of uninitialized value in string eq at > /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc > line 378. > > I can fix the problem by adding a "protocol smtp" to the matching > line, but I wonder why this would be necessary ? After all, if host > smtp.gmail.com:587 matches, do we need to match the protocol ? > > Cheers, > Antoine -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
contrib/credential/netrc/git-credential-netrc: Use of uninitialized value in string
Hello, I've tried to use the netrc credential with git-send-email (v1.8.4-rc2), and I've had the following log (running with -d -v): We were given search token protocol and value smtp We were given search token host and value smtp.gmail.com:587 We were given search token username and value apeli...@gmail.com Searching for host = smtp.gmail.com:587 Searching for password = (any value) Searching for path = (any value) Searching for protocol = smtp Searching for username = apeli...@gmail.com Using GPG to open /home/antoine/.authinfo.gpg: [gpg --decrypt /home/antoine/.authinfo.gpg] You need a passphrase to unlock the secret key for user: "Antoine Pelisse " 2048-bit RSA key, ID DE2A8792, created 2010-12-31 (main key ID A066A853) gpg: encrypted with 2048-bit RSA key, ID DE2A8792, created 2010-12-31 "Antoine Pelisse " compare host [smtp.gmail.com:587] to [smtp.gmail.com:587] (entry: password=secret, username=apeli...@gmail.com, host=smtp.gmail.com:587) OK: any value satisfies check password OK: any value satisfies check path Use of uninitialized value $_[2] in printf at /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc line 419. compare protocol [] to [smtp] (entry: password=secret, username=apeli...@gmail.com, host=smtp.gmail.com:587) Use of uninitialized value in string eq at /home/antoine/code/git/contrib/credential/netrc/git-credential-netrc line 378. I can fix the problem by adding a "protocol smtp" to the matching line, but I wonder why this would be necessary ? After all, if host smtp.gmail.com:587 matches, do we need to match the protocol ? Cheers, Antoine -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html