Verify Content-Type from smart HTTP servers
Before parsing a suspected smart-HTTP response verify the returned Content-Type matches the standard. This protects a client from attempting to process a payload that smells like a smart-HTTP server response.

JGit has been doing this check on all responses since the dawn of time. I mistakenly failed to include it in git-core when smart HTTP was introduced. At the time I didn't know how to get the Content-Type from libcurl. I punted, meant to circle back and fix this, and just plain forgot about it.

Signed-off-by: Shawn Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
committed by
Junio C Hamano

parent
e1b6ff44d6
commit
4656bf47fc
2
http.h
@ -132,7 +132,7 @@ extern char *get_remote_object_url(const char *url, const char *hex,
|
||||
*
|
||||
* If the result pointer is NULL, a HTTP HEAD request is made instead of GET.
|
||||
*/
|
||||
int http_get_strbuf(const char *url, struct strbuf *result, int options);
|
||||
int http_get_strbuf(const char *url, struct strbuf *content_type, struct strbuf *result, int options);
|
||||
|
||||
/*
|
||||
* Prints an error message using error() containing url and curl_errorstr,
|
||||
|
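Review bot: The comment above http_get_strbuf() still documents only the NULL result case and says nothing about the new content_type parameter. Please state there whether content_type may be NULL for callers that do not need it, and what the strbuf holds when the response carries no Content-Type header or the request fails, because per the commit message callers will check this value before deciding to parse the body. Since content_type and result are both struct strbuf * and sit next to each other, a call site that swaps them still compiles, so spelling out the argument order in the comment would also help.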