4656bf47fc
Before parsing a suspected smart-HTTP response verify the returned Content-Type matches the standard. This protects a client from attempting to process a payload that smells like a smart-HTTP server response.

JGit has been doing this check on all responses since the dawn of time. I mistakenly failed to include it in git-core when smart HTTP was introduced. At the time I didn't know how to get the Content-Type from libcurl. I punted, meant to circle back and fix this, and just plain forgot about it.

Signed-off-by: Shawn Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
12 lines | 349 B | Bash | Executable File
```sh
#!/bin/sh
printf "Content-Type: text/%s\n" "html"
echo
printf "%s\n" "001e# service=git-upload-pack"
printf "%s"   "0000"
printf "%s%c%s%s\n" \
	"00a58681d9f286a48b08f37b3a095330da16689e3693 HEAD" \
	0 \
	" include-tag multi_ack_detailed multi_ack ofs-delta" \
	" side-band side-band-64k thin-pack no-progress shallow no-done "
printf "%s"   "0000"
```
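The check the commit message describes, as an added example that is not git-core's or JGit's code: a client refuses a body that looks like a smart-HTTP advertisement unless the Content-Type is the one Git's HTTP protocol documentation specifies, `application/x-<service>-advertisement`. The function and enum names are hypothetical, and comparing the header value by exact string match is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example; every name below is hypothetical, not git-core's. */
enum smart_result { SMART_OK, NOT_SMART, BAD_CONTENT_TYPE, BAD_PKT_LINE };

/* Decode the 4-hex-digit pkt-line length prefix (caller ensures 4 bytes); -1 if malformed. */
static int pkt_len(const char *p)
{
	int len = 0;
	for (int i = 0; i < 4; i++) {
		unsigned char c = (unsigned char)p[i];
		if (!isxdigit(c))
			return -1;
		len = len * 16 + (isdigit(c) ? c - '0' : (c | 0x20) - 'a' + 10);
	}
	return len;
}

/* content_type is the header value as received (NULL if absent); body is the raw response. */
enum smart_result check_advertisement(const char *service, const char *content_type,
				      const char *body, size_t body_len)
{
	char expect[128];
	size_t slen = strlen(service);
	/* Only a body whose first pkt-line payload starts with '#' is a candidate. */
	if (body_len < 5 || body[4] != '#')
		return NOT_SMART;
	/* The media type is checked before any parsing; exact match is assumed. */
	snprintf(expect, sizeof(expect), "application/x-%s-advertisement", service);
	if (!content_type || strcmp(content_type, expect) != 0)
		return BAD_CONTENT_TYPE;
	int len = pkt_len(body);
	if (len < 5 || (size_t)len > body_len)
		return BAD_PKT_LINE;
	size_t payload = (size_t)len - 4 - (body[len - 1] == '\n');
	if (payload != 10 + slen || memcmp(body + 4, "# service=", 10) != 0 ||
	    memcmp(body + 14, service, slen) != 0)
		return BAD_PKT_LINE;
	return SMART_OK;
}

int main(void)
{
	/* Constructed input: the first two pkt-lines printed by the script above. */
	const char body[] = "001e# service=git-upload-pack\n0000";
	return check_advertisement("git-upload-pack", "text/html", body, sizeof(body) - 1) != BAD_CONTENT_TYPE;
}
```

A caller would treat `NOT_SMART` as "not a smart-HTTP response" and the two `BAD_*` results as errors that stop processing of the payload.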