rugged 1.6.5 → 1.7.1

data/vendor/libgit2/src/libgit2/transports/{auth_negotiate.c → auth_gssapi.c}

@@ -20,13 +20,13 @@
 #include <krb5.h>
 #endif
 
-static gss_OID_desc negotiate_oid_spnego =
+static gss_OID_desc gssapi_oid_spnego =
 	{ 6, (void *) "\x2b\x06\x01\x05\x05\x02" };
-static gss_OID_desc negotiate_oid_krb5 =
+static gss_OID_desc gssapi_oid_krb5 =
 	{ 9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
 
-static gss_OID negotiate_oids[] =
-	{ &negotiate_oid_spnego, &negotiate_oid_krb5, NULL };
+static gss_OID gssapi_oids[] =
+	{ &gssapi_oid_spnego, &gssapi_oid_krb5, NULL };
 
 typedef struct {
 	git_http_auth_context parent;
@@ -36,9 +36,9 @@ typedef struct {
 	char *challenge;
 	gss_ctx_id_t gss_context;
 	gss_OID oid;
-} http_auth_negotiate_context;
+} http_auth_gssapi_context;
 
-static void negotiate_err_set(
+static void gssapi_err_set(
 	OM_uint32 status_major,
 	OM_uint32 status_minor,
 	const char *message)
@@ -58,11 +58,11 @@ static void negotiate_err_set(
 	}
 }
 
-static int negotiate_set_challenge(
+static int gssapi_set_challenge(
 	git_http_auth_context *c,
 	const char *challenge)
 {
-	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+	http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
 
 	GIT_ASSERT_ARG(ctx);
 	GIT_ASSERT_ARG(challenge);
@@ -76,7 +76,7 @@ static int negotiate_set_challenge(
 	return 0;
 }
 
-static void negotiate_context_dispose(http_auth_negotiate_context *ctx)
+static void gssapi_context_dispose(http_auth_gssapi_context *ctx)
 {
 	OM_uint32 status_minor;
 
@@ -92,12 +92,12 @@ static void negotiate_context_dispose(http_auth_negotiate_context *ctx)
 	ctx->challenge = NULL;
 }
 
-static int negotiate_next_token(
+static int gssapi_next_token(
 	git_str *buf,
 	git_http_auth_context *c,
 	git_credential *cred)
 {
-	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+	http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
 	OM_uint32 status_major, status_minor;
 	gss_buffer_desc target_buffer = GSS_C_EMPTY_BUFFER,
 		input_token = GSS_C_EMPTY_BUFFER,
@@ -126,7 +126,7 @@ static int negotiate_next_token(
 		GSS_C_NT_HOSTBASED_SERVICE, &server);
 
 	if (GSS_ERROR(status_major)) {
-		negotiate_err_set(status_major, status_minor,
+		gssapi_err_set(status_major, status_minor,
 			"could not parse principal");
 		error = -1;
 		goto done;
@@ -152,10 +152,10 @@ static int negotiate_next_token(
 		input_token.length = input_buf.size;
 		input_token_ptr = &input_token;
 	} else if (ctx->gss_context != GSS_C_NO_CONTEXT) {
-		negotiate_context_dispose(ctx);
+		gssapi_context_dispose(ctx);
 	}
 
-	mech = &negotiate_oid_spnego;
+	mech = &gssapi_oid_spnego;
 
 	status_major = gss_init_sec_context(
 		&status_minor,
@@ -173,14 +173,14 @@ static int negotiate_next_token(
 		NULL);
 
 	if (GSS_ERROR(status_major)) {
-		negotiate_err_set(status_major, status_minor, "negotiate failure");
+		gssapi_err_set(status_major, status_minor, "negotiate failure");
 		error = -1;
 		goto done;
 	}
 
 	/* This message merely told us auth was complete; we do not respond. */
 	if (status_major == GSS_S_COMPLETE) {
-		negotiate_context_dispose(ctx);
+		gssapi_context_dispose(ctx);
 		ctx->complete = 1;
 		goto done;
 	}
@@ -204,20 +204,20 @@ done:
 	return error;
 }
 
-static int negotiate_is_complete(git_http_auth_context *c)
+static int gssapi_is_complete(git_http_auth_context *c)
 {
-	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+	http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
 
 	GIT_ASSERT_ARG(ctx);
 
 	return (ctx->complete == 1);
 }
 
-static void negotiate_context_free(git_http_auth_context *c)
+static void gssapi_context_free(git_http_auth_context *c)
 {
-	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
+	http_auth_gssapi_context *ctx = (http_auth_gssapi_context *)c;
 
-	negotiate_context_dispose(ctx);
+	gssapi_context_dispose(ctx);
 
 	ctx->configured = 0;
 	ctx->complete = 0;
@@ -226,8 +226,8 @@ static void negotiate_context_free(git_http_auth_context *c)
 	git__free(ctx);
 }
 
-static int negotiate_init_context(
-	http_auth_negotiate_context *ctx,
+static int gssapi_init_context(
+	http_auth_gssapi_context *ctx,
 	const git_net_url *url)
 {
 	OM_uint32 status_major, status_minor;
@@ -239,13 +239,13 @@ static int negotiate_init_context(
 	status_major = gss_indicate_mechs(&status_minor, &mechanism_list);
 
 	if (GSS_ERROR(status_major)) {
-		negotiate_err_set(status_major, status_minor,
+		gssapi_err_set(status_major, status_minor,
 			"could not query mechanisms");
 		return -1;
 	}
 
 	if (mechanism_list) {
-		for (oid = negotiate_oids; *oid; oid++) {
+		for (oid = gssapi_oids; *oid; oid++) {
 			for (i = 0; i < mechanism_list->count; i++) {
 				item = &mechanism_list->elements[i];
 
@@ -285,14 +285,14 @@ int git_http_auth_negotiate(
 	git_http_auth_context **out,
 	const git_net_url *url)
 {
-	http_auth_negotiate_context *ctx;
+	http_auth_gssapi_context *ctx;
 
 	*out = NULL;
 
-	ctx = git__calloc(1, sizeof(http_auth_negotiate_context));
+	ctx = git__calloc(1, sizeof(http_auth_gssapi_context));
 	GIT_ERROR_CHECK_ALLOC(ctx);
 
-	if (negotiate_init_context(ctx, url) < 0) {
+	if (gssapi_init_context(ctx, url) < 0) {
 		git__free(ctx);
 		return -1;
 	}
@@ -300,10 +300,10 @@ int git_http_auth_negotiate(
 	ctx->parent.type = GIT_HTTP_AUTH_NEGOTIATE;
 	ctx->parent.credtypes = GIT_CREDENTIAL_DEFAULT;
 	ctx->parent.connection_affinity = 1;
-	ctx->parent.set_challenge = negotiate_set_challenge;
-	ctx->parent.next_token = negotiate_next_token;
-	ctx->parent.is_complete = negotiate_is_complete;
-	ctx->parent.free = negotiate_context_free;
+	ctx->parent.set_challenge = gssapi_set_challenge;
+	ctx->parent.next_token = gssapi_next_token;
+	ctx->parent.is_complete = gssapi_is_complete;
+	ctx->parent.free = gssapi_context_free;
 
 	*out = (git_http_auth_context *)ctx;
 

data/vendor/libgit2/src/libgit2/transports/auth_negotiate.h

@@ -12,7 +12,7 @@
 #include "git2.h"
 #include "auth.h"
 
-#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK)
+#if defined(GIT_GSSAPI) || defined(GIT_GSSFRAMEWORK) || defined(GIT_WIN32)
 
 extern int git_http_auth_negotiate(
 	git_http_auth_context **out,

data/vendor/libgit2/src/libgit2/transports/auth_ntlm.h

@@ -13,7 +13,7 @@
 /* NTLM requires a full request/challenge/response */
 #define GIT_AUTH_STEPS_NTLM 2
 
-#ifdef GIT_NTLM
+#if defined(GIT_NTLM) || defined(GIT_WIN32)
 
 #if defined(GIT_OPENSSL)
 # define CRYPT_OPENSSL

data/vendor/libgit2/src/libgit2/transports/{auth_ntlm.c → auth_ntlmclient.c}

@@ -23,7 +23,7 @@ typedef struct {
 	bool complete;
 } http_auth_ntlm_context;
 
-static int ntlm_set_challenge(
+static int ntlmclient_set_challenge(
 	git_http_auth_context *c,
 	const char *challenge)
 {
@@ -40,7 +40,7 @@ static int ntlm_set_challenge(
 	return 0;
 }
 
-static int ntlm_set_credentials(http_auth_ntlm_context *ctx, git_credential *_cred)
+static int ntlmclient_set_credentials(http_auth_ntlm_context *ctx, git_credential *_cred)
 {
 	git_credential_userpass_plaintext *cred;
 	const char *sep, *username;
@@ -76,7 +76,7 @@ done:
 	return error;
 }
 
-static int ntlm_next_token(
+static int ntlmclient_next_token(
 	git_str *buf,
 	git_http_auth_context *c,
 	git_credential *cred)
@@ -104,7 +104,7 @@ static int ntlm_next_token(
 	 */
 	ctx->complete = true;
 
-	if (cred && ntlm_set_credentials(ctx, cred) != 0)
+	if (cred && ntlmclient_set_credentials(ctx, cred) != 0)
 		goto done;
 
 	if (challenge_len < 4) {
@@ -162,7 +162,7 @@ done:
 	return error;
 }
 
-static int ntlm_is_complete(git_http_auth_context *c)
+static int ntlmclient_is_complete(git_http_auth_context *c)
 {
 	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
 
@@ -170,7 +170,7 @@ static int ntlm_is_complete(git_http_auth_context *c)
 	return (ctx->complete == true);
 }
 
-static void ntlm_context_free(git_http_auth_context *c)
+static void ntlmclient_context_free(git_http_auth_context *c)
 {
 	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
 
@@ -179,7 +179,7 @@ static void ntlm_context_free(git_http_auth_context *c)
 	git__free(ctx);
 }
 
-static int ntlm_init_context(
+static int ntlmclient_init_context(
 	http_auth_ntlm_context *ctx,
 	const git_net_url *url)
 {
@@ -206,7 +206,7 @@ int git_http_auth_ntlm(
 	ctx = git__calloc(1, sizeof(http_auth_ntlm_context));
 	GIT_ERROR_CHECK_ALLOC(ctx);
 
-	if (ntlm_init_context(ctx, url) < 0) {
+	if (ntlmclient_init_context(ctx, url) < 0) {
 		git__free(ctx);
 		return -1;
 	}
@@ -214,10 +214,10 @@ int git_http_auth_ntlm(
 	ctx->parent.type = GIT_HTTP_AUTH_NTLM;
 	ctx->parent.credtypes = GIT_CREDENTIAL_USERPASS_PLAINTEXT;
 	ctx->parent.connection_affinity = 1;
-	ctx->parent.set_challenge = ntlm_set_challenge;
-	ctx->parent.next_token = ntlm_next_token;
-	ctx->parent.is_complete = ntlm_is_complete;
-	ctx->parent.free = ntlm_context_free;
+	ctx->parent.set_challenge = ntlmclient_set_challenge;
+	ctx->parent.next_token = ntlmclient_next_token;
+	ctx->parent.is_complete = ntlmclient_is_complete;
+	ctx->parent.free = ntlmclient_context_free;
 
 	*out = (git_http_auth_context *)ctx;
 

data/vendor/libgit2/src/libgit2/transports/auth_sspi.c

@@ -0,0 +1,341 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "auth_ntlm.h"
+#include "auth_negotiate.h"
+
+#ifdef GIT_WIN32
+
+#define SECURITY_WIN32
+
+#include "git2.h"
+#include "auth.h"
+#include "git2/sys/credential.h"
+
+#include <windows.h>
+#include <security.h>
+
+typedef struct {
+	git_http_auth_context parent;
+	wchar_t *target;
+
+	const char *package_name;
+	size_t package_name_len;
+	wchar_t *package_name_w;
+	SecPkgInfoW *package_info;
+	SEC_WINNT_AUTH_IDENTITY_W identity;
+	CredHandle cred;
+	CtxtHandle context;
+
+	int has_identity : 1,
+	    has_credentials : 1,
+	    has_context : 1,
+	    complete : 1;
+	git_str challenge;
+} http_auth_sspi_context;
+
+static void sspi_reset_context(http_auth_sspi_context *ctx)
+{
+	if (ctx->has_identity) {
+		git__free(ctx->identity.User);
+		git__free(ctx->identity.Domain);
+		git__free(ctx->identity.Password);
+
+		memset(&ctx->identity, 0, sizeof(SEC_WINNT_AUTH_IDENTITY_W));
+
+		ctx->has_identity = 0;
+	}
+
+	if (ctx->has_credentials) {
+		FreeCredentialsHandle(&ctx->cred);
+		memset(&ctx->cred, 0, sizeof(CredHandle));
+
+		ctx->has_credentials = 0;
+	}
+
+	if (ctx->has_context) {
+		DeleteSecurityContext(&ctx->context);
+		memset(&ctx->context, 0, sizeof(CtxtHandle));
+
+		ctx->has_context = 0;
+	}
+
+	ctx->complete = 0;
+
+	git_str_dispose(&ctx->challenge);
+}
+
+static int sspi_set_challenge(
+	git_http_auth_context *c,
+	const char *challenge)
+{
+	http_auth_sspi_context *ctx = (http_auth_sspi_context *)c;
+	size_t challenge_len = strlen(challenge);
+
+	git_str_clear(&ctx->challenge);
+
+	if (strncmp(challenge, ctx->package_name, ctx->package_name_len) != 0) {
+		git_error_set(GIT_ERROR_NET, "invalid %s challenge from server", ctx->package_name);
+		return -1;
+	}
+
+	/*
+	 * A package type indicator without a base64 payload indicates the
+	 * mechanism; it's not an actual challenge. Ignore it.
+	 */
+	if (challenge[ctx->package_name_len] == 0) {
+		return 0;
+	} else if (challenge[ctx->package_name_len] != ' ') {
+		git_error_set(GIT_ERROR_NET, "invalid %s challenge from server", ctx->package_name);
+		return -1;
+	}
+
+	if (git_str_decode_base64(&ctx->challenge,
+	                          challenge + (ctx->package_name_len + 1),
+	                          challenge_len - (ctx->package_name_len + 1)) < 0) {
+		git_error_set(GIT_ERROR_NET, "invalid %s challenge from server", ctx->package_name);
+		return -1;
+	}
+
+	GIT_ASSERT(ctx->challenge.size <= ULONG_MAX);
+	return 0;
+}
+
+static int create_identity(
+	SEC_WINNT_AUTH_IDENTITY_W **out,
+	http_auth_sspi_context *ctx,
+	git_credential *cred)
+{
+	git_credential_userpass_plaintext *userpass;
+	wchar_t *username = NULL, *domain = NULL, *password = NULL;
+	int username_len = 0, domain_len = 0, password_len = 0;
+	const char *sep;
+
+	if (cred->credtype == GIT_CREDENTIAL_DEFAULT) {
+		*out = NULL;
+		return 0;
+	}
+
+	if (cred->credtype != GIT_CREDENTIAL_USERPASS_PLAINTEXT) {
+		git_error_set(GIT_ERROR_NET, "unknown credential type: %d", cred->credtype);
+		return -1;
+	}
+
+	userpass = (git_credential_userpass_plaintext *)cred;
+
+	if ((sep = strchr(userpass->username, '\\')) != NULL) {
+		GIT_ASSERT(sep - userpass->username < INT_MAX);
+
+		username_len = git_utf8_to_16_alloc(&username, sep + 1);
+		domain_len = git_utf8_to_16_alloc_with_len(&domain,
+			userpass->username, (int)(sep - userpass->username));
+	} else {
+		username_len = git_utf8_to_16_alloc(&username,
+			userpass->username);
+	}
+
+	password_len = git_utf8_to_16_alloc(&password, userpass->password);
+
+	if (username_len < 0 || domain_len < 0 || password_len < 0) {
+		git__free(username);
+		git__free(domain);
+		git__free(password);
+		return -1;
+	}
+
+	ctx->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
+	ctx->identity.User = username;
+	ctx->identity.UserLength = (unsigned long)username_len;
+	ctx->identity.Password = password;
+	ctx->identity.PasswordLength = (unsigned long)password_len;
+	ctx->identity.Domain = domain;
+	ctx->identity.DomainLength = (unsigned long)domain_len;
+
+	ctx->has_identity = 1;
+
+	*out = &ctx->identity;
+
+	return 0;
+}
+
+static int sspi_next_token(
+	git_str *buf,
+	git_http_auth_context *c,
+	git_credential *cred)
+{
+	http_auth_sspi_context *ctx = (http_auth_sspi_context *)c;
+	SEC_WINNT_AUTH_IDENTITY_W *identity = NULL;
+	TimeStamp timestamp;
+	DWORD context_flags;
+	SecBuffer input_buf = { 0, SECBUFFER_TOKEN, NULL };
+	SecBuffer output_buf = { 0, SECBUFFER_TOKEN, NULL };
+	SecBufferDesc input_buf_desc = { SECBUFFER_VERSION, 1, &input_buf };
+	SecBufferDesc output_buf_desc = { SECBUFFER_VERSION, 1, &output_buf };
+	SECURITY_STATUS status;
+
+	if (ctx->complete)
+		sspi_reset_context(ctx);
+
+	if (!ctx->has_context) {
+		if (create_identity(&identity, ctx, cred) < 0)
+			return -1;
+
+		status = AcquireCredentialsHandleW(NULL, ctx->package_name_w,
+				SECPKG_CRED_BOTH, NULL, identity, NULL,
+				NULL, &ctx->cred, &timestamp);
+
+		if (status != SEC_E_OK) {
+			git_error_set(GIT_ERROR_OS, "could not acquire credentials");
+			return -1;
+		}
+
+		ctx->has_credentials = 1;
+	}
+
+	context_flags = ISC_REQ_ALLOCATE_MEMORY |
+	                ISC_REQ_CONFIDENTIALITY |
+	                ISC_REQ_MUTUAL_AUTH;
+
+	if (ctx->challenge.size > 0) {
+		input_buf.BufferType = SECBUFFER_TOKEN;
+		input_buf.cbBuffer = (unsigned long)ctx->challenge.size;
+		input_buf.pvBuffer = ctx->challenge.ptr;
+	}
+
+	status = InitializeSecurityContextW(&ctx->cred,
+		ctx->has_context ? &ctx->context : NULL,
+		ctx->target,
+		context_flags,
+		0,
+		SECURITY_NETWORK_DREP,
+		ctx->has_context ? &input_buf_desc : NULL,
+		0,
+		ctx->has_context ? NULL : &ctx->context,
+		&output_buf_desc,
+		&context_flags,
+		NULL);
+
+	if (status == SEC_I_COMPLETE_AND_CONTINUE ||
+	    status == SEC_I_COMPLETE_NEEDED)
+		status = CompleteAuthToken(&ctx->context, &output_buf_desc);
+
+	if (status == SEC_E_OK) {
+		ctx->complete = 1;
+	} else if (status != SEC_I_CONTINUE_NEEDED) {
+		git_error_set(GIT_ERROR_OS, "could not initialize security context");
+		return -1;
+	}
+
+	ctx->has_context = 1;
+	git_str_clear(&ctx->challenge);
+
+	if (output_buf.cbBuffer > 0) {
+		git_str_put(buf, ctx->package_name, ctx->package_name_len);
+		git_str_putc(buf, ' ');
+		git_str_encode_base64(buf, output_buf.pvBuffer, output_buf.cbBuffer);
+
+		FreeContextBuffer(output_buf.pvBuffer);
+
+		if (git_str_oom(buf))
+			return -1;
+	}
+
+	return 0;
+}
+
+static int sspi_is_complete(git_http_auth_context *c)
+{
+	http_auth_sspi_context *ctx = (http_auth_sspi_context *)c;
+
+	return ctx->complete;
+}
+
+static void sspi_context_free(git_http_auth_context *c)
+{
+	http_auth_sspi_context *ctx = (http_auth_sspi_context *)c;
+
+	sspi_reset_context(ctx);
+
+	FreeContextBuffer(ctx->package_info);
+	git__free(ctx->target);
+	git__free(ctx);
+}
+
+static int sspi_init_context(
+	git_http_auth_context **out,
+	git_http_auth_t type,
+	const git_net_url *url)
+{
+	http_auth_sspi_context *ctx;
+	git_str target = GIT_STR_INIT;
+
+	*out = NULL;
+
+	ctx = git__calloc(1, sizeof(http_auth_sspi_context));
+	GIT_ERROR_CHECK_ALLOC(ctx);
+
+	switch (type) {
+	case GIT_HTTP_AUTH_NTLM:
+		ctx->package_name = "NTLM";
+		ctx->package_name_len = CONST_STRLEN("NTLM");
+		ctx->package_name_w = L"NTLM";
+		ctx->parent.credtypes = GIT_CREDENTIAL_USERPASS_PLAINTEXT |
+	                                GIT_CREDENTIAL_DEFAULT;
+		break;
+	case GIT_HTTP_AUTH_NEGOTIATE:
+		ctx->package_name = "Negotiate";
+		ctx->package_name_len = CONST_STRLEN("Negotiate");
+		ctx->package_name_w = L"Negotiate";
+		ctx->parent.credtypes = GIT_CREDENTIAL_DEFAULT;
+		break;
+	default:
+		git_error_set(GIT_ERROR_NET, "unknown SSPI auth type: %d", ctx->parent.type);
+		git__free(ctx);
+		return -1;
+	}
+
+	if (QuerySecurityPackageInfoW(ctx->package_name_w, &ctx->package_info) != SEC_E_OK) {
+		git_error_set(GIT_ERROR_OS, "could not query security package");
+		git__free(ctx);
+		return -1;
+	}
+
+	if (git_str_printf(&target, "http/%s", url->host) < 0 ||
+	    git_utf8_to_16_alloc(&ctx->target, target.ptr) < 0) {
+		FreeContextBuffer(ctx->package_info);
+		git__free(ctx);
+		return -1;
+	}
+
+	ctx->parent.type = type;
+	ctx->parent.connection_affinity = 1;
+	ctx->parent.set_challenge = sspi_set_challenge;
+	ctx->parent.next_token = sspi_next_token;
+	ctx->parent.is_complete = sspi_is_complete;
+	ctx->parent.free = sspi_context_free;
+
+	*out = (git_http_auth_context *)ctx;
+
+	git_str_dispose(&target);
+	return 0;
+}
+
+int git_http_auth_negotiate(
+	git_http_auth_context **out,
+	const git_net_url *url)
+{
+	return sspi_init_context(out, GIT_HTTP_AUTH_NEGOTIATE, url);
+}
+
+int git_http_auth_ntlm(
+	git_http_auth_context **out,
+	const git_net_url *url)
+{
+	return sspi_init_context(out, GIT_HTTP_AUTH_NTLM, url);
+}
+
+#endif /* GIT_WIN32 */

data/vendor/libgit2/src/libgit2/transports/git.c

@@ -7,7 +7,7 @@
 
 #include "common.h"
 
-#include "netops.h"
+#include "net.h"
 #include "stream.h"
 #include "streams/socket.h"
 #include "git2/sys/transport.h"
@@ -95,22 +95,21 @@ static int git_proto_stream_read(
 	size_t buf_size,
 	size_t *bytes_read)
 {
-	int error;
 	git_proto_stream *s = (git_proto_stream *)stream;
-	gitno_buffer buf;
+	ssize_t ret;
+	int error;
 
 	*bytes_read = 0;
 
 	if (!s->sent_command && (error = send_command(s)) < 0)
 		return error;
 
-	gitno_buffer_setup_fromstream(s->io, &buf, buffer, buf_size);
+	ret = git_stream_read(s->io, buffer, min(buf_size, INT_MAX));
 
-	if ((error = gitno_recv(&buf)) < 0)
-		return error;
-
-	*bytes_read = buf.offset;
+	if (ret < 0)
+		return -1;
 
+	*bytes_read = (size_t)ret;
 	return 0;
 }
 

data/vendor/libgit2/src/libgit2/transports/http.c

@@ -11,7 +11,6 @@
 
 #include "http_parser.h"
 #include "net.h"
-#include "netops.h"
 #include "remote.h"
 #include "smart.h"
 #include "auth.h"
@@ -336,9 +335,15 @@ static int lookup_proxy(
 	}
 
 	if (!proxy ||
-	    (error = git_net_url_parse(&transport->proxy.url, proxy)) < 0)
+	    (error = git_net_url_parse_http(&transport->proxy.url, proxy)) < 0)
 		goto done;
 
+	if (!git_net_url_valid(&transport->proxy.url)) {
+		git_error_set(GIT_ERROR_HTTP, "invalid URL: '%s'", proxy);
+		error = -1;
+		goto done;
+	}
+
 	*out_use = true;
 
 done: