![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| author | H. Peter Anvin <hpa@zytor.com> | |
| Wed, 19 Oct 2005 21:44:43 +0000 (14:44 -0700) | ||
| committer | Junio C Hamano <junkio@cox.net> | |
| Wed, 19 Oct 2005 21:44:43 +0000 (14:44 -0700) | ||
| commit | b7080d851630606815a399a162c5b20f2907f9e0 | |
| tree | 3df4b5d61c4bafa41fa38efb3305e16832294e7c | tree | snapshot |
| parent | c9ed27b9e8372822219780705128cf37bd25e26b | commit | diff |
git-daemon: timeout, eliminate double DWIM
It turns out that not only did git-daemon do DWIM, but git-upload-pack
does as well. This is bad; security checks have to be performed *after*
canonicalization, not before.
Additionally, the current git-daemon can be trivially DoSed by spewing
SYNs at the target port.
This patch adds a --strict option to git-upload-pack to disable all
DWIM, a --timeout option to git-daemon and git-upload-pack, and an
--init-timeout option to git-daemon (which is typically set to a much
lower value, since the initial request should come immediately from the
client.)
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
It turns out that not only did git-daemon do DWIM, but git-upload-pack
does as well. This is bad; security checks have to be performed *after*
canonicalization, not before.
Additionally, the current git-daemon can be trivially DoSed by spewing
SYNs at the target port.
This patch adds a --strict option to git-upload-pack to disable all
DWIM, a --timeout option to git-daemon and git-upload-pack, and an
--init-timeout option to git-daemon (which is typically set to a much
lower value, since the initial request should come immediately from the
client.)
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
| daemon.c | diff | blob | history | |
| upload-pack.c | diff | blob | history |