diff options
author | Jeff King <peff@peff.net> | 2020-03-27 04:03:38 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2020-03-27 12:18:48 -0700 |
commit | 4845b7724582a315eb4eb13d5058f85d21798e94 (patch) | |
tree | 8d27c4687e289d16d784aa1bf4c86be160ab532d /serve.h | |
parent | test-lib-functions: make packetize() more efficient (diff) | |
download | tgif-4845b7724582a315eb4eb13d5058f85d21798e94.tar.xz |
upload-pack: handle unexpected delim packets
When processing the arguments list for a v2 ls-refs or fetch command, we
loop like this:
while (packet_reader_read(request) != PACKET_READ_FLUSH) {
const char *arg = request->line;
...handle arg...
}
to read and handle packets until we see a flush. The hidden assumption
here is that anything except PACKET_READ_FLUSH will give us valid packet
data to read. But that's not true; PACKET_READ_DELIM or PACKET_READ_EOF
will leave packet->line as NULL, and we'll segfault trying to look at
it.
Instead, we should follow the more careful model demonstrated on the
client side (e.g., in process_capabilities_v2): keep looping as long
as we get normal packets, and then make sure that we broke out of the
loop due to a real flush. That fixes the segfault and correctly
diagnoses any unexpected input from the client.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'serve.h')
0 files changed, 0 insertions, 0 deletions