summaryrefslogtreecommitdiff
path: root/Documentation/transfer-data-leaks.txt
diff options
context:
space:
mode:
authorLibravatar Max Kirillov <max@max630.net>2018-06-10 18:05:20 +0300
committerLibravatar Junio C Hamano <gitster@pobox.com>2018-06-11 13:21:38 -0700
commitc79edf73f4b018310428632887f9ce2ce32d839a (patch)
tree0da714c431209a2521df03e8a711fd2741e96291 /Documentation/transfer-data-leaks.txt
parenthttp-backend: cleanup writing to child process (diff)
downloadtgif-c79edf73f4b018310428632887f9ce2ce32d839a.tar.xz
http-backend: respect CONTENT_LENGTH as specified by rfc3875
http-backend reads whole input until EOF. However, the RFC 3875 specifies that a script must read only as many bytes as specified by CONTENT_LENGTH environment variable. Web server may exercise the specification by not closing the script's standard input after writing content. In that case http-backend would hang waiting for the input. The issue is known to happen with IIS/Windows, for example. Make http-backend read only CONTENT_LENGTH bytes, if it's defined, rather than the whole input until EOF. If the variable is not defined, keep older behavior of reading until EOF because it is used to support chunked transfer-encoding. This commit only fixes buffered input, whcih reads whole body before processign it. Non-buffered input is going to be fixed in subsequent commit. Signed-off-by: Florian Manschwetus <manschwetus@cs-software-gmbh.de> [mk: fixed trivial build failures and polished style issues] Helped-by: Junio C Hamano <gitster@pobox.com> Signed-off-by: Max Kirillov <max@max630.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/transfer-data-leaks.txt')
0 files changed, 0 insertions, 0 deletions