author | Frank Lichtenheld <frank@lichtenheld.de> | |
Thu, 7 Jun 2007 14:57:00 +0000 (16:57 +0200) | ||
committer | Junio C Hamano <gitster@pobox.com> | |
Fri, 8 Jun 2007 09:37:18 +0000 (02:37 -0700) | ||
commit | 4890888d742e12044b1f4b89a5d10437a6371253 | |
tree | 5ce676c9858b831e5e52fa4a22be9613e6f525ed | tree | snapshot |
parent | 225696af2ceaa2e06345954003eda742a76c4e0a | commit | diff |
cvsserver: Make req_Root more critical of its input data
The path submitted with the Root request has to be absolute
(cvs does it this way and it may save us some sanity checks
later)
If multiple roots are specified (e.g. because we use
pserver authentication which will already include the
root), ensure that they say all the same.
Probably neither is a security risk, and neither should ever
be triggered by a sane client, but when validating
input data, it's better to be save than sorry.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The path submitted with the Root request has to be absolute
(cvs does it this way and it may save us some sanity checks
later)
If multiple roots are specified (e.g. because we use
pserver authentication which will already include the
root), ensure that they say all the same.
Probably neither is a security risk, and neither should ever
be triggered by a sane client, but when validating
input data, it's better to be save than sorry.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
git-cvsserver.perl | diff | blob | history | |
t/t9400-git-cvsserver-server.sh | diff | blob | history |