Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2025-04-04 21:35:52 -04:00
Code Issues Packages Projects Releases Wiki Activity

doc: attacker can display a large byte set

Browse Source
This commit is contained in:
Ben Grande 2024-01-18 19:49:15 +01:00
parent fb2baa19dc
commit bab8f35ee9
No known key found for this signature in database
GPG Key ID: 00C64E14F51F9E56
1 changed files with 4 additions and 1 deletions

5
salt/sys-git/README.md

@ -52,7 +52,10 @@ stdout as packet information during the initial server client negotiation, the
client will display the characters on stderr with an error message containing
the character. Git only filters for control characters but other characters
that are valid UTF-8 such as multibyte are not filtered. The same characters
can be present in the git log.
can be present in the git log. In reality, there are many other ways the
remote can make the client display a refname with attacker controlled data
with a much larger byte size, this cannot be solved while the remote helper
does not verify each received reference.
A remote helper that validates the data received can increase the security
by not printing untrusted data, which is the case with