After we send I HATE YOU we should probably exit and not happily
continue with I LOVE YOU and further communication.
Most clients will probably just exit and ignore everything we
send after the I HATE YOU and it is not a security problem
either because we don't really care about the user name anyway.
But it is still the right thing to do.
Signed-off-by: Frank Lichtenheld <frank@xxxxxxxxxxxxxx>
---
git-cvsserver.perl | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index a07c725..fcfb99d 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -105,6 +105,7 @@ if (@ARGV && $ARGV[0] eq 'pserver') {
unless ($line eq 'anonymous') {
print "E Only anonymous user allowed via pserver\n";
print "I HATE YOU\n";
+ exit 1;
}
$line = <STDIN>; chomp $line; # validate the password?
$line = <STDIN>; chomp $line;
--
1.5.1.4
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
