author: H. Peter Anvin <hpa@zytor.com> 2005-10-19 14:27:01 -0700
committer: Junio C Hamano <junkio@cox.net> 2005-10-19 14:27:01 -0700
commit: 960deccb26a5bee6c6cd63d50e8272f540a27b19
tree: a5921439da568a46cbb9db25e3d2fa6403167a56 /http-fetch.c
parent: f8765797a41a39f4dfc7030098c38283e6461a83
git-daemon: timeout, eliminate double DWIM

It turns out that not only did git-daemon do DWIM, but git-upload-pack does as well. This is bad; security checks have to be performed *after* canonicalization, not before.

Additionally, the current git-daemon can be trivially DoSed by spewing SYNs at the target port.

This patch adds a --strict option to git-upload-pack to disable all DWIM, a --timeout option to git-daemon and git-upload-pack, and an --init-timeout option to git-daemon (which is typically set to a much lower value, since the initial request should come immediately from the client.)

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>

Diffstat (limited to 'http-fetch.c')
0 files changed, 0 insertions, 0 deletions
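
The commit message's point that checks must follow canonicalization, shown as an added example that is not code from this commit or from git: a simplified model in which a front end and a back end each guess ("DWIM") a repository name from the same request. The directory names, the approved list, the guess orders and every function name are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data (assumption): directories present on the server,
 * and the single repository the operator has approved for export. */
static const char *present[]  = { "/pub/proj/.git", "/pub/proj.git", NULL };
static const char *approved[] = { "/pub/proj/.git", NULL };

static int in_list(const char **list, const char *p)
{
	for (; *list; list++)
		if (!strcmp(*list, p))
			return 1;
	return 0;
}

/* Hypothetical DWIM: try each suffix in order, keep the first name that exists. */
static int resolve(const char *req, const char **suffixes, char *out, size_t n)
{
	for (; *suffixes; suffixes++) {
		int len = snprintf(out, n, "%s%s", req, *suffixes);
		if (len >= 0 && (size_t)len < n && in_list(present, out))
			return 1;
	}
	return 0;
}

static const char *front_order[]  = { "", "/.git", ".git", NULL }; /* front end's guesses */
static const char *back_order[]   = { "", ".git", "/.git", NULL }; /* back end's guesses */
static const char *strict_order[] = { "", NULL };                  /* no guessing at all */

/* Returns 1 if a repository outside the approved list ends up being served.
 * strict=0: front end checks its own guess, back end guesses again from the raw request.
 * strict=1: front end hands over the name it checked, back end takes it literally. */
int serves_unapproved(const char *req, int strict)
{
	char checked[256], served[256];

	if (!resolve(req, front_order, checked, sizeof(checked)) ||
	    !in_list(approved, checked))
		return 0; /* refused by the front end */
	if (!resolve(strict ? checked : req, strict ? strict_order : back_order,
		     served, sizeof(served)))
		return 0; /* nothing to serve */
	return !in_list(approved, served);
}
```

With the second round of guessing disabled, the name that was checked is the name that is opened, so the approval decision and the served repository cannot diverge.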