diff options
| author | Junio C Hamano <gitster@pobox.com> | 2021-09-28 22:06:53 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-09-28 22:06:53 +0200 |
| commit | bb1677fc29cf64b5ca5c3835261fe360ac2780ad (patch) | |
| tree | 33b173bca408a590ef10afe8285e0d99ac6e9f7c /ls-refs.c | |
| parent | The eighth batch (diff) | |
| parent | ls-refs: reject unknown arguments (diff) | |
| download | git-bb1677fc29cf64b5ca5c3835261fe360ac2780ad.tar.xz git-bb1677fc29cf64b5ca5c3835261fe360ac2780ad.zip | |
Merge branch 'jk/reduce-malloc-in-v2-servers'
Code cleanup to limit memory consumption and tighten protocol
message parsing.
* jk/reduce-malloc-in-v2-servers:
ls-refs: reject unknown arguments
serve: reject commands used as capabilities
serve: reject bogus v2 "command=ls-refs=foo"
docs/protocol-v2: clarify some ls-refs ref-prefix details
ls-refs: ignore very long ref-prefix counts
serve: drop "keys" strvec
serve: provide "receive" function for session-id capability
serve: provide "receive" function for object-format capability
serve: add "receive" method for v2 capabilities table
serve: return capability "value" from get_capability()
serve: rename is_command() to parse_command()
Diffstat (limited to 'ls-refs.c')
| -rw-r--r-- | ls-refs.c | 22 |
1 files changed, 20 insertions, 2 deletions
@@ -41,6 +41,12 @@ static void ensure_config_read(void) } /* + * If we see this many or more "ref-prefix" lines from the client, we consider + * it "too many" and will avoid using the prefix feature entirely. + */ +#define TOO_MANY_PREFIXES 65536 + +/* * Check if one of the prefixes is a prefix of the ref. * If no prefixes were provided, all refs match. */ @@ -158,15 +164,27 @@ int ls_refs(struct repository *r, struct packet_reader *request) data.peel = 1; else if (!strcmp("symrefs", arg)) data.symrefs = 1; - else if (skip_prefix(arg, "ref-prefix ", &out)) - strvec_push(&data.prefixes, out); + else if (skip_prefix(arg, "ref-prefix ", &out)) { + if (data.prefixes.nr < TOO_MANY_PREFIXES) + strvec_push(&data.prefixes, out); + } else if (!strcmp("unborn", arg)) data.unborn = allow_unborn; + else + die(_("unexpected line: '%s'"), arg); } if (request->status != PACKET_READ_FLUSH) die(_("expected flush after ls-refs arguments")); + /* + * If we saw too many prefixes, we must avoid using them at all; as + * soon as we have any prefix, they are meant to form a comprehensive + * list. + */ + if (data.prefixes.nr >= TOO_MANY_PREFIXES) + strvec_clear(&data.prefixes); + send_possibly_unborn_head(&data); if (!data.prefixes.nr) strvec_push(&data.prefixes, ""); |