mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-24 23:19:37 -05:00
doc: attacker can display a large byte set
parent
0887c24a19
commit
04a016e876
@ -52,7 +52,10 @@ stdout as packet information during the initial server client negotiation, the
|
|||||||
client will display the characters on stderr with an error message containing
|
client will display the characters on stderr with an error message containing
|
||||||
the character. Git only filters for control characters but other characters
|
the character. Git only filters for control characters but other characters
|
||||||
that are valid UTF-8 such as multibyte are not filtered. The same characters
|
that are valid UTF-8 such as multibyte are not filtered. The same characters
|
||||||
can be present in the git log.
|
can be present in the git log. In reality, there are many other ways the
|
||||||
|
remote can make the client display a refname with attacker controlled data
|
||||||
|
with a much larger byte size, this cannot be solved while the remote helper
|
||||||
|
does not verify each received reference.
|
||||||
|
|
||||||
A remote helper that validates the data received can increase the security
|
A remote helper that validates the data received can increase the security
|
||||||
by not printing untrusted data, which is the case with
|
by not printing untrusted data, which is the case with
|
||||||
|
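Review bot: The added sentence beginning "In reality, there are many other ways" asserts further display paths without naming any, and "a much larger byte size" has no stated baseline. Name at least one such way, or state the size limit of the stderr case described earlier in the paragraph, so the reader can judge the difference. The sentence is also a comma splice at "byte size, this cannot be solved": split it there, hyphenate "attacker-controlled", and consider replacing the double negative with "this can only be solved once the remote helper verifies each received reference".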