config_file: properly ignore includes without "path" value

In case a configuration includes a key "include.path=" without any
value, the generated configuration entry will have its value set to
`NULL`. This is unexpected by the logic handling includes, and as soon
as we try to calculate the included path we will unconditionally
dereference that `NULL` pointer and thus segfault.

Fix the issue by returning early in both `parse_include` and
`parse_conditional_include` in case where the `file` argument is `NULL`.
Add a test to avoid future regression.

The issue has been found by the oss-fuzz project, issue 10810.

Author: pks-t

src/config_file.c

@@ -664,6 +664,9 @@ static int parse_include(git_config_parser *reader,
 	char *dir;
 	int result;
 
+	if (!file)
+		return 0;
+
 	if ((result = git_path_dirname_r(&path, reader->file->path)) < 0)
 		return result;
 
@@ -765,7 +768,7 @@ static int parse_conditional_include(git_config_parser *reader,
 	size_t i;
 	int error = 0, matches;
 
-	if (!parse_data->repo)
+	if (!parse_data->repo || !file)
 		return 0;
 
 	condition = git__substrdup(section + strlen("includeIf."),

tests/config/include.c

@@ -87,6 +87,16 @@ void test_config_include__depth(void)
 	cl_git_pass(p_unlink("b"));
 }
 
+void test_config_include__empty_path_sanely_handled(void)
+{
+	cl_git_mkfile("a", "[include]\npath");
+	cl_git_pass(git_config_open_ondisk(&cfg, "a"));
+	cl_git_pass(git_config_get_string_buf(&buf, cfg, "include.path"));
+	cl_assert_equal_s("", git_buf_cstr(&buf));
+
+	cl_git_pass(p_unlink("a"));
+}
+
 void test_config_include__missing(void)
 {
 	cl_git_mkfile("including", "[include]\npath = nonexistentfile\n[foo]\nbar = baz");