summaryrefslogtreecommitdiff
path: root/.keys/openpgp/linuxfoundation.org/konstantin
diff options
context:
space:
mode:
authorKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-06-03 13:04:33 -0400
committerKonstantin Ryabitsev <konstantin@linuxfoundation.org>2021-06-03 13:04:33 -0400
commit7e066cb8834233edde5fef6a5bb391fd2124448b (patch)
tree7ca78de6755f223cbc426914c0615a141bdd47c5 /.keys/openpgp/linuxfoundation.org/konstantin
parent814f8fa85b67dc971cf86a18929a892d5e954a32 (diff)
downloadb4-7e066cb8834233edde5fef6a5bb391fd2124448b.tar.gz
Account for in-body headers when trimming body
When we discover that a message can only be attested after we trim the body, we *must* set the body to that version, otherwise an attacker could append arbitrary content past the l= value boundary. We already do this in the current form, but we weren't properly handing in-body headers like From: and Subject: that are used to indicate to git the patch author vs. committer. This patch set fixes that and also streamlines a few other places where we were already relying on git mailinfo calls. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to '.keys/openpgp/linuxfoundation.org/konstantin')
0 files changed, 0 insertions, 0 deletions