http-push: check path length before using it

We use path_len to skip the base url/path, but we do not know for sure if path does indeed contain the base url/path. Check if this is so. Helped-by: Johnathan Nieder <jrnieder@gmail.com> Signed-off-by: Tay Ray Chuan <rctay89@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Tay Ray Chuan <rctay89@gmail.com> 2010-11-25 16:21:08 +0800
committer: Junio C Hamano <gitster@pobox.com> 2010-11-26 14:50:46 -0800
commit: dfc2dcd9acf95794788f9471028485c2d2cc78ef (patch)
tree: 3018b876c81797bdca1ebe73626995f74c39f25d /http-push.c
parent: 0fdadc501ee42c530946731718dfdd710f4005d3 (diff)
download: git-dfc2dcd9acf95794788f9471028485c2d2cc78ef.tar.gz
1 files changed, 10 insertions, 2 deletions
diff --git a/http-push.c b/http-push.c
index 565e580d5a..bfa1fe7c05 100644
--- a/http-push.c
+++ b/http-push.c
@@ -1116,8 +1116,16 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)
 				}
 			}
 			if (path) {
-				path += repo->path_len;
-				ls->dentry_name = xstrdup(path);
+				const char *url = repo->url;
+				if (repo->path)
+					url = repo->path;
+				if (strncmp(path, url, repo->path_len))
+					error("Parsed path '%s' does not match url: '%s'\n",
+					      path, url);
+				else {
+					path += repo->path_len;
+					ls->dentry_name = xstrdup(path);
+				}
 			}
 		} else if (!strcmp(ctx->name, DAV_PROPFIND_COLLECTION)) {
 			ls->dentry_flags |= IS_DIR;
author	Tay Ray Chuan <rctay89@gmail.com>	2010-11-25 16:21:08 +0800
committer	Junio C Hamano <gitster@pobox.com>	2010-11-26 14:50:46 -0800
commit	dfc2dcd9acf95794788f9471028485c2d2cc78ef (patch)
tree	3018b876c81797bdca1ebe73626995f74c39f25d /http-push.c
parent	0fdadc501ee42c530946731718dfdd710f4005d3 (diff)
download	git-dfc2dcd9acf95794788f9471028485c2d2cc78ef.tar.gz