On Tue, Sep 14, 2021 at 11:29:46AM -0400, Jeff King wrote: > While looking at [1], I noticed that v2 servers will read a few bits of > client input into strvecs. Even though we expect these to be small-ish, > there's nothing preventing a client from sending us a bunch of junk and > wasting memory. > > This series changes that, putting a cap on how much data we'll receive. > The two spots are the "capabilities" list we receive (before we even > dispatch to a particular command like ls-refs or fetch), and the > ref-prefix list we receive for ls-refs. > > [...] Thanks. I reviewed this series carefully and all of my comments were either of the form "you could have written it this way, but I'm equally happy with what you wrote here" or "this behavior change won't affect real users and so I'm OK with it". Reviewed-by: Taylor Blau <me@xxxxxxxxxxxx> Thanks, Taylor