Bundle-URI can use the heuristic 'creationToken'. With this heuristic
each bundle should specify a 'creationToken' next to the 'uri'
attribute. But this allows misconfiguration where only a 'creationToken'
and no 'uri' is specified for a bundle . Because Git expects each bundle
to have a 'uri', this causes a segmentation fault.
Harden Git against bundles with missing 'uri' and skip bundles which
miss this attribute.
Signed-off-by: Toon Claes <toon@xxxxxxxxx>
---
bundle-uri.c | 3 +++
t/t5558-clone-bundle-uri.sh | 24 ++++++++++++++++++++++++
2 files changed, 27 insertions(+)
diff --git a/bundle-uri.c b/bundle-uri.c
index 57cccfc6b8..a1120508bf 100644
--- a/bundle-uri.c
+++ b/bundle-uri.c
@@ -745,6 +745,9 @@ static int fetch_bundle_uri_internal(struct repository *r,
int result = 0;
struct remote_bundle_info *bcopy;
+ if (!bundle->uri)
+ return -1;
+
if (depth >= max_bundle_uri_depth) {
warning(_("exceeded bundle URI recursion limit (%d)"),
max_bundle_uri_depth);
diff --git a/t/t5558-clone-bundle-uri.sh b/t/t5558-clone-bundle-uri.sh
index 7a0943bd36..3cf498b950 100755
--- a/t/t5558-clone-bundle-uri.sh
+++ b/t/t5558-clone-bundle-uri.sh
@@ -468,6 +468,30 @@ test_expect_success 'negotiation: bundle list with all wanted commits' '
test_grep ! "clone> want " trace-packet.txt
'
+test_expect_success 'negotiation: bundle list with heuristic but uri missing' '
+ cat >bundle-list <<-EOF &&
+ [bundle]
+ version = 1
+ mode = all
+ heuristic = creationToken
+
+ [bundle "bundle-1"]
+ creationToken = 1
+ EOF
+
+ git clone --no-local --single-branch --branch=left --no-tags \
+ --bundle-uri="file://$(pwd)/bundle-list" \
+ clone-from nego-bundle-list-uri-missing &&
+
+ git -C nego-bundle-list-all for-each-ref --format="%(refname)" >refs &&
+ grep "refs/bundles/heads/" refs >actual &&
+ cat >expect <<-\EOF &&
+ refs/bundles/heads/base
+ refs/bundles/heads/left
+ EOF
+ test_cmp expect actual
+'
+
#########################################################################
# HTTP tests begin here
--
2.51.0
