| commit | afcb6ee30acf17f4e0338c49fbab301131abfbba | |
| author | Junio C Hamano <gitster@pobox.com> | |
| Thu, 2 Apr 2015 01:00:36 +0000 (1 18:00 -0700) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Thu, 2 Apr 2015 18:05:18 +0000 (2 11:05 -0700) | ||
| tree | 8459187f6b4bddbbf09d681b96085e76853f7787 | treesnapshot (tar.gz zip) |
| parent | 45917f0f994aee78dccf2a41000b48fc23db1a0b | commitdiff |
push --signed: tighten what the receiving end can ask to sign
Instead of blindly trusting the receiving side to give us a sensible
nonce to sign, limit the length (max 256 bytes) and the alphabet
(alnum and a few selected punctuations, enough to encode in base64)
that can be used in nonce.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Instead of blindly trusting the receiving side to give us a sensible
nonce to sign, limit the length (max 256 bytes) and the alphabet
(alnum and a few selected punctuations, enough to encode in base64)
that can be used in nonce.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| send-pack.c | diffblobblamehistory |