Git HTTP request bounds #138

New Issue

Closed

opened 2026-06-02 05:11:37 -04:00 by didericis-claude · 0 comments

didericis-claude commented 2026-06-02 05:11:37 -04:00

Collaborator

Copy Link

Copy Source

Tracked by PRD 0041. git_http_backend.py reads the full declared Content-Length into memory with no size cap and crashes on malformed lengths. See audit issue #134 rank 4.

Tracked by PRD 0041. `git_http_backend.py` reads the full declared Content-Length into memory with no size cap and crashes on malformed lengths. See audit issue #134 rank 4.

didericis-claude referenced a pull request that will close this issue 2026-06-02 10:28:56 -04:00

PRD 0041: Git HTTP request bounds #144

didericis referenced this issue from a commit 2026-06-02 10:44:57 -04:00

fix(git-http): validate Content-Length and cap body size (PRD 0041)

didericis added the Kind/EnhancementKind/Security labels 2026-06-02 11:21:25 -04:00

didericis-claude was assigned by didericis 2026-06-02 11:22:29 -04:00

didericis referenced this issue from a commit 2026-06-02 11:23:24 -04:00

fix(git-http): validate Content-Length and cap body size (PRD 0041)

didericis closed this issue 2026-06-02 11:30:42 -04:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

core-coverage-badge

ratchet-supervise-90

ratchet-manifest-90

ratchet-git-gate-90

ratchet-egress-core-90

ratchet-yaml-subset-90

ratchet-egress-addon-90

cover-global-90

table-drive-dlp-tests

flatten-deep-nesting

decompose-egress-dlp-config

cover-egress-addon-adapter

prd-egress-control-plane

prd-smolmachines-linux

fix-integration-test-failures

fix/macos-container-relative-dockerfile

prd-0054-install-script

commit-bottle-state

pr-211

move-codex-auth-to-contrib

feat/pipelock-skip-scan-extensions

prd-0049-named-labelled-agents

harden-git-gate-shell-rendering

No results found.

Labels

Clear labels

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

1

The priority is critical

Priority

High

2

The priority is high

Priority

Low

4

The priority is low

Priority

Medium

3

The priority is medium

Reviewed

Confirmed

1

Issue has been confirmed

Reviewed

Duplicate

2

This issue or pull request already exists

Reviewed

Invalid

3

Invalid issue

Reviewed

Won't Fix

3

This issue won't be fixed

Status

Abandoned

3

Somebody has started to work on this but abandoned work

Status

Blocked

1

Something is blocking this issue or pull request

Status

Need More Info

2

Feedback is required to reproduce issue or to continue work

No Label Kind/Enhancement Kind/Security

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis

No Assignees didericis-claude

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: didericis/bot-bottle#138