author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-06-03 13:04:33 -0400 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-06-03 13:04:33 -0400 |
commit | 7e066cb8834233edde5fef6a5bb391fd2124448b (patch) | |
tree | 7ca78de6755f223cbc426914c0615a141bdd47c5 /README.rst | |
parent | 814f8fa85b67dc971cf86a18929a892d5e954a32 (diff) | |
download | b4-7e066cb8834233edde5fef6a5bb391fd2124448b.tar.gz |
Account for in-body headers when trimming body
When we discover that a message can only be attested after we trim the
body, we *must* set the body to that version, otherwise an attacker
could append arbitrary content past the l= value boundary. We already do
this in the current form, but we weren't properly handling in-body
headers like From: and Subject: that are used to indicate to git the
patch author vs. committer.
This patch set fixes that and also streamlines a few other places where
we were already relying on git mailinfo calls.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Diffstat (limited to 'README.rst')
0 files changed, 0 insertions, 0 deletions
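The l= trimming rule from the commit message, as an added example that is not b4's code: the verifier returns only the bytes the DKIM body hash covers, so anything past the l= boundary is discarded rather than passed on. The function names, the sample message, SHA-256 and "simple" body canonicalization are assumptions; checking the header signature (b=) and the in-body From:/Subject: handling are out of scope here.

```python
import base64
import hashlib
import hmac
from typing import Optional


def canon_simple(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization (RFC 6376, section 3.4.3)."""
    body = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while body.endswith(b"\r\n\r\n"):  # drop trailing empty lines
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"


def body_hash(data: bytes) -> str:
    """Base64 SHA-256 digest, the form carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def attested_body(body: bytes, bh: str, l: Optional[int] = None) -> Optional[bytes]:
    """Return exactly the bytes covered by bh=, or None if bh= does not match.

    With l= present only the first l octets of the canonicalized body are
    hashed, so only those octets are returned; the caller must use this
    return value as the message body, never the original input.
    """
    canon = canon_simple(body)
    if l is not None:
        if l > len(canon):  # l= larger than the body is a failure
            return None
        canon = canon[:l]
    return canon if hmac.compare_digest(body_hash(canon), bh) else None


# Constructed sample: a signed body, then the same body with content
# appended after signing (past the l= boundary).
SIGNED = b"Fix the frobnicator\r\n\r\nSigned-off-by: Dev <dev@example.org>\r\n"
L_TAG = len(canon_simple(SIGNED))
BH = body_hash(canon_simple(SIGNED))
TAMPERED = SIGNED + b"content appended after signing\r\n"

if __name__ == "__main__":
    trimmed = attested_body(TAMPERED, BH, L_TAG)
    print("attested with l=:", trimmed == canon_simple(SIGNED))
    print("attested without l=:", attested_body(TAMPERED, BH) is not None)
```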