| commit | 17f4b01da7a4d67d6c22d37904bdbbbddd81b9ac | [log] [tgz] |
|---|---|---|
| author | Jeff King <peff@peff.net> | Thu Dec 18 07:18:19 2025 -0500 |
| committer | Junio C Hamano <gitster@pobox.com> | Thu Dec 18 22:02:15 2025 +0900 |
| tree | 83d56770af983cf37fccc112bf1607a09396c244 | |
| parent | 2c6fc31e04b32d5a8523cfe69e4495f188e86ec3 [diff] |
t5563: add missing end-of-line in HTTP header In t5563, we test how various oddly-formatted WWW-Authenticate headers are passed through curl to git's credential subsystem (and ultimately out to credential helpers). One test, "access using basic auth with wwwauth header mixed line-endings" does something odd. It does not mix line endings at all (which must be CRLF according to the RFC anyway), but omits the line ending entirely for the final header! This means that the server produces an incomplete response. We send our final header, and then the newline which is meant to mark the end of headers (and the start of the body) becomes the line ending for that header. And there is no header/body separator in the output at all. Looking at strace, this is what the client reads: recvfrom(9, "WWW-Authenticate: FooBar param1=\"value1\"\r\n \r\n\tparam2=\"value2\"\r\nWWW-Authenticate: Basic realm=\"example.com\"", 16384, 0, NULL, NULL) = 106 recvfrom(9, "\n", 16384, 0, NULL, NULL) = 1 recvfrom(9, "", 16384, 0, NULL, NULL) = 0 The headers themselves are produced from the custom-auth.challenge file we write in the test (which is missing the final CRLF), and then the header/body separator comes from our lib-httpd/nph-custom-auth.sh CGI. (Ignore for a moment that it is producing a bare newline, which I think is a bug; it should be a CRLF but curl is happy with either). Older versions of curl seemed to be OK with the truncated output, but the upcoming 8.18.0 release seems to get confused. Specifically, since 67ae101666 (http: unfold response headers earlier, 2025-12-12) our request to the server fails with insufficient credentials. I traced far enough to see that curl does relay the header back to us, which we then pass to a credential helper, which gives us the correct username/password combination. But on our followup request, curl refuses to send the Authorization header (and so gets an HTTP 401 again). The change in curl's behavior is a bit unexpected, but since we are sending it garbage, it is hard to complain too much. Let's add the missing CRLF to the header. I _think_ this was just an oversight and not the intent of the test. And that the "mixed line-endings" really meant "mixed continuations", since we differ from the previous test in continuing with both space and tab. So I've likewise updated the test title to match that assumption. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.
Git is an Open Source project covered by the GNU General Public License version 2 (some parts of it are under different licenses, compatible with the GPLv2). It was originally written by Linus Torvalds with help of a group of hackers around the net.
Please read the file INSTALL for installation instructions.
Many Git online resources are accessible from https://git-scm.com/ including full documentation and Git related tools.
See Documentation/gittutorial.adoc to get started, then see Documentation/giteveryday.adoc for a useful minimum set of commands, and Documentation/git-<commandname>.adoc for documentation of each command. If git has been correctly installed, then the tutorial can also be read with man gittutorial or git help tutorial, and the documentation of each command with man git-<commandname> or git help <commandname>.
CVS users may also want to read Documentation/gitcvs-migration.adoc (man gitcvs-migration or git help cvs-migration if git is installed).
The user discussion and development of Git take place on the Git mailing list -- everyone is welcome to post bug reports, feature requests, comments and patches to git@vger.kernel.org (read Documentation/SubmittingPatches for instructions on patch submission and Documentation/CodingGuidelines).
Those wishing to help with error message, usage and informational message string translations (localization l10) should see po/README.md (a po file is a Portable Object file that holds the translations).
To subscribe to the list, send an email to git+subscribe@vger.kernel.org (see https://subspace.kernel.org/subscribing.html for details). The mailing list archives are available at https://lore.kernel.org/git/, https://marc.info/?l=git and other archival sites.
Issues which are security relevant should be disclosed privately to the Git Security mailing list git-security@googlegroups.com.
The maintainer frequently sends the “What's cooking” reports that list the current status of various development topics to the mailing list. The discussion following them give a good reference for project status, development direction and remaining tasks.
The name “git” was given by Linus Torvalds when he wrote the very first version. He described the tool as “the stupid content tracker” and the name as (depending on your mood):