Good day! Spotted the memory overrun in the http-push.c. Exists at least in 1.5.0.x, not sure about latest development branch. The patch is attached. -- Eygene
--- http-push.c.orig Wed Feb 28 15:15:01 2007 +++ http-push.c Wed Feb 28 15:15:21 2007 @@ -1295,7 +1295,7 @@ sprintf(url, "%s%s", remote->url, path); /* Make sure leading directories exist for the remote ref */ - ep = strchr(url + strlen(remote->url) + 11, '/'); + ep = strchr(url + strlen(remote->url) + 1, '/'); while (ep) { *ep = 0; slot = get_active_slot();