From: Junio C Hamano <gitster@pobox.com>
Date: Fri, 17 Mar 2017 20:50:26 +0000 (-0700)
Subject: Merge branch 'jk/http-walker-buffer-underflow-fix'
X-Git-Tag: v2.13.0-rc0~104
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/2af882be0181ee29aa3a4fb3181b94e9bca53c51?ds=inline;hp=-c

Merge branch 'jk/http-walker-buffer-underflow-fix'

"Dumb http" transport used to misparse a nonsense http-alternates
response, which has been fixed.

* jk/http-walker-buffer-underflow-fix:
http-walker: fix buffer underflow processing remote alternates
---

2af882be0181ee29aa3a4fb3181b94e9bca53c51
diff --combined http-walker.c
index ab7d5537ae,507c200f00..ee049cb13d
--- a/http-walker.c
+++ b/http-walker.c
@@@ -168,11 -168,6 +168,11 @@@ static int is_alternate_allowed(const c
  	};
  	int i;
  
 +	if (http_follow_config != HTTP_FOLLOW_ALWAYS) {
 +		warning("alternate disabled by http.followRedirects: %s", url);
 +		return 0;
 +	}
 +
  	for (i = 0; i < ARRAY_SIZE(protocols); i++) {
  		const char *end;
  		if (skip_prefix(url, protocols[i], &end) &&
@@@ -301,13 -296,16 +301,16 @@@ static void process_alternates_response
  					okay = 1;
  				}
  			}
- 			/* skip "objects\n" at end */
  			if (okay) {
  				struct strbuf target = STRBUF_INIT;
  				strbuf_add(&target, base, serverlen);
- 				strbuf_add(&target, data + i, posn - i - 7);
- 
- 				if (is_alternate_allowed(target.buf)) {
+ 				strbuf_add(&target, data + i, posn - i);
+ 				if (!strbuf_strip_suffix(&target, "objects")) {
+ 					warning("ignoring alternate that does"
+ 						" not end in 'objects': %s",
+ 						target.buf);
+ 					strbuf_release(&target);
+ 				} else if (is_alternate_allowed(target.buf)) {
  					warning("adding alternate object store: %s",
  						target.buf);
  					newalt = xmalloc(sizeof(*newalt));
@@@ -319,8 -317,6 +322,8 @@@
  					while (tail->next != NULL)
  						tail = tail->next;
  					tail->next = newalt;
 +				} else {
 +					strbuf_release(&target);
  				}
  			}
  		}
@@@ -338,6 -334,9 +341,6 @@@ static void fetch_alternates(struct wal
  	struct alternates_request alt_req;
  	struct walker_data *cdata = walker->data;
  
 -	if (http_follow_config != HTTP_FOLLOW_ALWAYS)
 -		return;
 -
  	/*
  	 * If another request has already started fetching alternates,
  	 * wait for them to arrive and return to processing this request's