From 4656bf47fca857df51b5d6f4b7b052192b3b2317 Mon Sep 17 00:00:00 2001
From: Shawn Pearce
Date: Thu, 31 Jan 2013 13:02:07 -0800
Subject: Verify Content-Type from smart HTTP servers

Before parsing a suspected smart-HTTP response verify the returned Content-Type matches the standard. This protects a client from attempting to process a payload that smells like a smart-HTTP server response. JGit has been doing this check on all responses since the dawn of time. I mistakenly failed to include it in git-core when smart HTTP was introduced. At the time I didn't know how to get the Content-Type from libcurl. I punted, meant to circle back and fix this, and just plain forgot about it.

Signed-off-by: Shawn Pearce
Signed-off-by: Junio C Hamano
---
 http-push.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'http-push.c')
diff --git a/http-push.c b/http-push.c
index 8701c1215d..ba45b7b501 100644
--- a/http-push.c
+++ b/http-push.c
@@ -1560,7 +1560,7 @@ static int remote_exists(const char *path)
 sprintf(url, "%s%s", repo->url, path);
- switch (http_get_strbuf(url, NULL, 0)) {
+ switch (http_get_strbuf(url, NULL, NULL, 0)) {
 case HTTP_OK:
 ret = 1;
 break;
@@ -1584,7 +1584,7 @@ static void fetch_symref(const char *path, char **symref, unsigned char *sha1)
 url = xmalloc(strlen(repo->url) + strlen(path) + 1);
 sprintf(url, "%s%s", repo->url, path);
- if (http_get_strbuf(url, &buffer, 0) != HTTP_OK)
+ if (http_get_strbuf(url, NULL, &buffer, 0) != HTTP_OK)
 die("Couldn't get %s for remote symref\n%s", url, curl_errorstr);
 free(url);
--
cgit v1.2.1
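Review bot: The bare `NULL` added as the second argument of `http_get_strbuf()` in `remote_exists()`, and again in `fetch_symref()`, leaves both callers outside the Content-Type check this commit describes, and nothing at either call site says that is deliberate. The new prototype is not part of this file's diff, so presumably that parameter is where the response's Content-Type is returned; if so, a one-line comment above each call such as `/* not a smart-HTTP request: response Content-Type is not checked here */` would record the decision. This matters most in `fetch_symref()`, where the body lands in `buffer` and is presumably parsed after the call. In `remote_exists()` the call now reads `NULL, NULL, 0`, so the two pointer arguments cannot be told apart without the prototype. Both function bodies start and end outside their hunks.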