[PATCH] push --signed: tighten what the receiving end can ask to sign

Instead of blindly trusting the receiving side to give us a sensible nonce to sign, limit the length (max 256 bytes) and the alphabet (alnum and a few selected punctuations, enough to encode in base64) that can be used in nonce. Noticed-by: Jann Horn j...@thejh.net Signed-off-by: Junio C Hamano

Re: [PATCH] push --signed: tighten what the receiving end can ask to sign

On Thu, Apr 02, 2015 at 03:09:15PM -0700, Junio C Hamano wrote: + if (isalnum(ch) || + ch == '-' || ch == '.' || + ch == '/' || ch == '+' || + ch == '=' || ch == '_') + continue; I think this looks good. Earlier