Revision c7620bd0f35dddf8b8519da6fbf97014f46d0710 authored by Jonathan Nieder on 28 March 2018, 20:33:03 UTC, committed by Junio C Hamano on 29 March 2018, 22:39:31 UTC
When upload-pack gained partial clone support (v2.17.0-rc0~132^2~12, 2017-12-08), it was guarded by the uploadpack.allowFilter config item to allow server operators to control when they start supporting it. That config item didn't go far enough, though: it controls whether the 'filter' capability is advertised, but if a (custom) client ignores the capability advertisement and passes a filter specification anyway, the server would handle that despite allowFilter being false. This is particularly significant if a security bug is discovered in this new experimental partial clone code. Installations without uploadpack.allowFilter ought not to be affected since they don't intend to support partial clone, but they would be swept up into being vulnerable. Simplify and limit the attack surface by making uploadpack.allowFilter disable the feature, not just the advertisement of it. Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent 9f242a1
blob.c
#include "cache.h"
#include "blob.h"
const char *blob_type = "blob";
struct blob *lookup_blob(const struct object_id *oid)
{
struct object *obj = lookup_object(oid->hash);
if (!obj)
return create_object(oid->hash, alloc_blob_node());
return object_as_type(obj, OBJ_BLOB, 0);
}
int parse_blob_buffer(struct blob *item, void *buffer, unsigned long size)
{
item->object.parsed = 1;
return 0;
}
Computing file changes ...