diff options
author | Jonathan Nieder <jrnieder@gmail.com> | 2018-03-28 13:33:03 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2018-03-29 15:39:31 -0700 |
commit | c7620bd0f35dddf8b8519da6fbf97014f46d0710 (patch) | |
tree | f13a1b9f57d7530ec55e33b604b895ac74c35e2f /builtin/fetch-pack.c | |
parent | unpack-trees: release oid_array after use in check_updates() (diff) | |
download | tgif-c7620bd0f35dddf8b8519da6fbf97014f46d0710.tar.xz |
upload-pack: disable object filtering when disabled by config
When upload-pack gained partial clone support (v2.17.0-rc0~132^2~12,
2017-12-08), it was guarded by the uploadpack.allowFilter config item
to allow server operators to control when they start supporting it.
That config item didn't go far enough, though: it controls whether the
'filter' capability is advertised, but if a (custom) client ignores
the capability advertisement and passes a filter specification anyway,
the server would handle that despite allowFilter being false.
This is particularly significant if a security bug is discovered in
this new experimental partial clone code. Installations without
uploadpack.allowFilter ought not to be affected since they don't
intend to support partial clone, but they would be swept up into being
vulnerable.
Simplify and limit the attack surface by making uploadpack.allowFilter
disable the feature, not just the advertisement of it.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/fetch-pack.c')
0 files changed, 0 insertions, 0 deletions