http-push: check path length before using it

We use path_len to skip the base url/path, but we do not know for sure
if path does indeed contain the base url/path. Check if this is so.

Helped-by: Johnathan Nieder <jrnieder@gmail.com>
Signed-off-by: Tay Ray Chuan <rctay89@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/http-push.c b/http-push.c
index 565e580d5a50924ec9466c5b696f9163fce78a94..bfa1fe7c0568d310555b293ad25fb4bdc37631a4 100644 (file)
--- a/http-push.c
+++ b/http-push.c
@@ -1116,8 +1116,16 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)
                                }
                        }
                        if (path) {
-                               path += repo->path_len;
-                               ls->dentry_name = xstrdup(path);
+                               const char *url = repo->url;
+                               if (repo->path)
+                                       url = repo->path;
+                               if (strncmp(path, url, repo->path_len))
+                                       error("Parsed path '%s' does not match url: '%s'\n",
+                                             path, url);
+                               else {
+                                       path += repo->path_len;
+                                       ls->dentry_name = xstrdup(path);
+                               }
                        }
                } else if (!strcmp(ctx->name, DAV_PROPFIND_COLLECTION)) {
                        ls->dentry_flags |= IS_DIR;