author Shawn Pearce <spearce@spearce.org> 2013-01-31 21:02:07 (GMT)
committer Junio C Hamano <gitster@pobox.com> 2013-02-04 18:22:36 (GMT)
commit 4656bf47fca857df51b5d6f4b7b052192b3b2317
tree 91e4d6cf951f2964de99d454ec89e426753ac453 /http.h
parent e1b6ff44d61bcdd91280c3f7c3c5ace32d4b7c52
Verify Content-Type from smart HTTP servers

Before parsing a suspected smart-HTTP response verify the returned Content-Type matches the standard. This protects a client from attempting to process a payload that smells like a smart-HTTP server response.

JGit has been doing this check on all responses since the dawn of time. I mistakenly failed to include it in git-core when smart HTTP was introduced. At the time I didn't know how to get the Content-Type from libcurl. I punted, meant to circle back and fix this, and just plain forgot about it.

Signed-off-by: Shawn Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
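
The check the commit message describes, as an added example that is not part of this commit or of git's source: a client accepts a reply as smart HTTP only when both the Content-Type and the start of the payload match. The function name `smart_http_response_ok`, the media type `application/x-<service>-advertisement` and the `# service=` first line are assumptions taken from Git's HTTP protocol documentation, not from this page.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not code from git. Returns 1 only when a reply to
 * GET <url>/info/refs?service=<service> may be parsed as a smart-HTTP
 * advertisement, 0 when it must not be.
 * Assumption: the media type "application/x-<service>-advertisement" and
 * the leading "# service=" pkt-line come from Git's HTTP protocol
 * documentation, not from this page.
 */
int smart_http_response_ok(const char *service, const char *content_type,
			   const char *body, size_t body_len)
{
	char expected[128];
	int n;

	/* A missing Content-Type header is a failure: never guess from the body. */
	if (!service || !content_type || !body)
		return 0;

	n = snprintf(expected, sizeof(expected),
		     "application/x-%s-advertisement", service);
	if (n < 0 || (size_t)n >= sizeof(expected))
		return 0;	/* service name too long to form the type */

	/* Strict, case-sensitive equality: text/html or a near miss is rejected. */
	if (strcmp(content_type, expected) != 0)
		return 0;

	/* The payload must also look right: 4 hex length digits, then '#'. */
	if (body_len < 5 || body[4] != '#')
		return 0;
	return 1;
}

int main(void)
{
	/* Constructed sample reply body. */
	const char *adv = "001e# service=git-upload-pack\n0000";

	printf("%d\n", smart_http_response_ok("git-upload-pack",
		"application/x-git-upload-pack-advertisement", adv, strlen(adv)));
	printf("%d\n", smart_http_response_ok("git-upload-pack",
		"text/html", adv, strlen(adv)));
	return 0;
}
```
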
Diffstat (limited to 'http.h')
-rw-r--r-- http.h 2
1 files changed, 1 insertions, 1 deletions
diff --git a/http.h b/http.h
index 0a80d30..25d1931 100644
--- a/http.h
+++ b/http.h
@@ -132,7 +132,7 @@ extern char *get_remote_object_url(const char *url, const char *hex,
*
* If the result pointer is NULL, a HTTP HEAD request is made instead of GET.
*/
-int http_get_strbuf(const char *url, struct strbuf *result, int options);
+int http_get_strbuf(const char *url, struct strbuf *content_type, struct strbuf *result, int options);
/*
* Prints an error message using error() containing url and curl_errorstr,
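Review bot: The comment block above http_get_strbuf is not updated for the content_type argument added in the + line; its visible tail still only covers result ("If the result pointer is NULL, a HTTP HEAD request is made instead of GET."). Please document what content_type receives, whether NULL is accepted when the caller does not need the header, and whether it is filled in when the request fails. Because content_type is inserted ahead of result and both are struct strbuf *, a call site that passes the two buffers in the wrong order still compiles, so consider appending the new parameter after result or stating the order explicitly in that comment. The new declaration also runs well past 80 columns and could be wrapped.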