Florian, good day! > > Spotted the memory overrun in the http-push.c. Exists at least in > > 1.5.0.x, not sure about latest development branch. The patch is > > attached. > > Is this issue security-relevant? After all, the misplaced pointer is > dereferenced and written to. It can be relevant: basically, it is the heap overflow, because 'url' is allocated by xmalloc. Did not tried to exploit it, but old sudo exploit proved that even one byte off memory dereference can be exploited. But this particular exploit will work only for the URLs where the 'path' is shorter than 10 bytes. And I doubt that many people are running http-push in the set-uid mode, so the exploit target will be the person running git-push over HTTP, not the root user. But it does not mean that this is not an issue. Sorry for the long letter. -- Eygene - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html