Good day!
Spotted the memory overrun in the http-push.c. Exists at least in
1.5.0.x, not sure about latest development branch. The patch is
attached.
--
Eygene
--- http-push.c.orig Wed Feb 28 15:15:01 2007
+++ http-push.c Wed Feb 28 15:15:21 2007
@@ -1295,7 +1295,7 @@
sprintf(url, "%s%s", remote->url, path);
/* Make sure leading directories exist for the remote ref */
- ep = strchr(url + strlen(remote->url) + 11, '/');
+ ep = strchr(url + strlen(remote->url) + 1, '/');
while (ep) {
*ep = 0;
slot = get_active_slot();