From: Junio C Hamano
Date: Tue, 3 Mar 2015 22:37:05 +0000 (-0800)
Subject: Merge branch 'jk/daemon-interpolate'
X-Git-Tag: v2.4.0-rc0~75
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/4c3dbbf7225c45ab0e04953090d0ece4a15e83a2

Merge branch 'jk/daemon-interpolate'

The "interpolated-path" option of "git daemon" inserted any string
client declared on the "host=" capability request without checking.
Sanitize and limit %H and %CH to a saner and a valid DNS name.

* jk/daemon-interpolate:
  daemon: sanitize incoming virtual hostname
  t5570: test git-daemon's --interpolated-path option
  git_connect: let user override virtual-host we send to daemon

--- 4c3dbbf7225c45ab0e04953090d0ece4a15e83a2 diff --cc daemon.c index 09fa652fd1,b0b2b53820..c3edd960ec --- a/daemon.c +++ b/daemon.c @@@ -557,11 -564,10 +596,11 @@@ static void parse_host_arg(char *extra_ parse_host_and_port(val, &host, &port); if (port) { free(tcp_port); - tcp_port = xstrdup(port); + tcp_port = sanitize_client(port); } free(hostname); - hostname = xstrdup_tolower(host); + hostname = canonicalize_client(host); + hostname_lookup_done = 0; } /* On to the next one */
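
Review bot: in the `if (port)` branch of parse_host_arg(), `tcp_port = sanitize_client(port);` runs the client-supplied port through a helper whose name suggests generic string filtering, although the field can only legitimately be a decimal TCP port. I would rather parse it as an integer, reject anything outside 1-65535 or with trailing non-digit characters, and store the re-formatted number, so the value is validated instead of filtered. The definitions of sanitize_client() and canonicalize_client() are not part of this hunk, so what characters they actually let through cannot be checked from here; a one-line comment at each call site saying what they guarantee would help the next reader. The new `hostname_lookup_done = 0;` also deserves a short comment explaining that it invalidates results derived from the previous hostname, because nothing in the visible lines shows where that flag is consumed.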