summaryrefslogtreecommitdiff
path: root/builtin/upload-archive.c
diff options
context:
space:
mode:
authorLibravatar Jeff King <peff@peff.net>2020-03-11 18:48:24 -0400
committerLibravatar Jeff King <peff@peff.net>2020-03-12 02:56:50 -0400
commit07259e74ec1237c836874342c65650bdee8a3993 (patch)
tree5cc2be3aa1dd29e8bee5c2625026b91f2a91555e /builtin/upload-archive.c
parentcredential: detect unrepresentable values when parsing urls (diff)
downloadtgif-07259e74ec1237c836874342c65650bdee8a3993.tar.xz
fsck: detect gitmodules URLs with embedded newlines
The credential protocol can't handle values with newlines. We already detect and block any such URLs from being used with credential helpers, but let's also add an fsck check to detect and block gitmodules files with such URLs. That will let us notice the problem earlier when transfer.fsckObjects is turned on. And in particular it will prevent bad objects from spreading, which may protect downstream users running older versions of Git. We'll file this under the existing gitmodulesUrl flag, which covers URLs with option injection. There's really no need to distinguish the exact flaw in the URL in this context. Likewise, I've expanded the description of t7416 to cover all types of bogus URLs.
Diffstat (limited to 'builtin/upload-archive.c')
0 files changed, 0 insertions, 0 deletions