On Wed, Sep 15, 2021 at 10:33:32AM -0700, Junio C Hamano wrote:

> Jeff King <peff@xxxxxxxx> writes:
>
> > When we see a line from the client like "command=ls-refs", we parse
> > everything after the equals sign as a capability, which we check against
> > our capabilities table. If we don't recognize the command (e.g.,
> > "command=foo"), we'll reject it. But we use the same parser that checks
> > for regular capabilities like "object-format=sha256". And so we'll
> > accept "ls-refs=foo", even though everything after the equals is bogus,
> > and simply ignored.
>
> Maybe I am slow but I had to read the above a few times and finally
> look at the implementation of parse_command() to realize that what
> the last sentence describes is:
>
>     When parse_command() is fed "command=ls-refs=foo", it strips
>     "command=", feeds "ls-refs=foo" to get_capability(), and because
>     we do not ensure value is NULL, we silently ignore "=foo" that
>     is bogus.
>
> And it makes sense. It would probably have helped if I peeked at the
> updated test ;-)

Since I'm re-rolling anyway, I'll expand it a bit (and also cover
Ævar's "what exactly does violate mean here" question).

-Peff
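The lax-versus-strict parsing Junio describes, as an added illustration that is not git's own code: a simplified model in which the capability lookup hands any "=value" suffix back to the caller, beside a command parser that rejects a value after the command name. The capability table, function names and return conventions are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed capability table for this example; not git's real table. */
static const char *known_caps[] = { "ls-refs", "fetch", "object-format", NULL };

/*
 * Match "key" or "key=value" against the table. On success, *value is
 * NULL for a bare key or points just past '=' otherwise. Returns the
 * table index or -1. This is the reusable key=value lookup the thread
 * refers to as get_capability(); it is fine for capabilities, where a
 * value is legitimate.
 */
static int get_capability_model(const char *line, const char **value)
{
    for (size_t i = 0; known_caps[i]; i++) {
        size_t len = strlen(known_caps[i]);
        if (strncmp(line, known_caps[i], len) != 0)
            continue;
        if (line[len] == '\0') { *value = NULL; return (int)i; }
        if (line[len] == '=') { *value = line + len + 1; return (int)i; }
    }
    return -1;
}

/* Lax command parser: strips "command=" and accepts whatever the lookup
 * accepts, so "command=ls-refs=foo" passes and "=foo" is silently dropped. */
static int parse_command_lax(const char *line)
{
    const char *value;
    if (strncmp(line, "command=", 8) != 0)
        return -1;
    return get_capability_model(line + 8, &value); /* value never checked */
}

/* Strict variant: a command name carries no value, so any "=..." is an
 * unrecognized command and is rejected like "command=foo". */
static int parse_command_strict(const char *line)
{
    const char *value;
    int idx;
    if (strncmp(line, "command=", 8) != 0)
        return -1;
    idx = get_capability_model(line + 8, &value);
    if (idx < 0 || value != NULL)
        return -1; /* rejects "command=ls-refs=foo" */
    return idx;
}
```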