http-push: check path length before using it

rctay · gitster · commit dfc2dcd9acf9 · 2010-11-26T14:50:46.000-08:00
We use path_len to skip the base url/path, but we do not know for sure
if path does indeed contain the base url/path. Check if this is so.

Helped-by: Johnathan Nieder &lt;jrnieder@gmail.com&gt;
Signed-off-by: Tay Ray Chuan &lt;rctay89@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
diff --git a/http-push.c b/http-push.c
@@ -1116,8 +1116,16 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)
 				}
 			}
 			if (path) {
-				path += repo->path_len;
-				ls->dentry_name = xstrdup(path);
+				const char *url = repo->url;
+				if (repo->path)
+					url = repo->path;
+				if (strncmp(path, url, repo->path_len))
+					error("Parsed path '%s' does not match url: '%s'\n",
+					      path, url);
+				else {
+					path += repo->path_len;
+					ls->dentry_name = xstrdup(path);
+				}
 			}
 		} else if (!strcmp(ctx->name, DAV_PROPFIND_COLLECTION)) {
 			ls->dentry_flags |= IS_DIR;

Original file line number	Diff line number	Diff line change
`@@ -1116,8 +1116,16 @@ static void handle_remote_ls_ctx(struct xml_ctx *ctx, int tag_closed)`
`1116`	`1116`	`}`
`1117`	`1117`	`}`
`1118`	`1118`	`if (path) {`
`1119`		`- path += repo->path_len;`
`1120`		`- ls->dentry_name = xstrdup(path);`
	`1119`	`+ const char *url = repo->url;`
	`1120`	`+ if (repo->path)`
	`1121`	`+ url = repo->path;`
	`1122`	`+ if (strncmp(path, url, repo->path_len))`
	`1123`	`+ error("Parsed path '%s' does not match url: '%s'\n",`
	`1124`	`+ path, url);`
	`1125`	`+ else {`
	`1126`	`+ path += repo->path_len;`
	`1127`	`+ ls->dentry_name = xstrdup(path);`
	`1128`	`+ }`
`1121`	`1129`	`}`
`1122`	`1130`	`} else if (!strcmp(ctx->name, DAV_PROPFIND_COLLECTION)) {`
`1123`	`1131`	`ls->dentry_flags \|= IS_DIR;`