Merge branch 'prevent-name-squatting-on-windows'
This patch series fixes an issue where Git could formerly have been tricked into creating a `.git` file with an unexpected (and therefore unprotected) NTFS short name. Incidentally, it also fixes an issue where a tree entry containing a backslash could be tricked into following a symbolic link, i.e. Git could be tricked into writing files outside the worktree. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin
commit
4778452597
@ -757,7 +757,7 @@ static int checkout(int submodule_progress)
|
||||
|
||||
if (!err && (option_recurse_submodules.nr > 0)) {
|
||||
struct argv_array args = ARGV_ARRAY_INIT;
|
||||
argv_array_pushl(&args, "submodule", "update", "--init", "--recursive", NULL);
|
||||
argv_array_pushl(&args, "submodule", "update", "--require-init", "--recursive", NULL);
|
||||
|
||||
if (option_shallow_submodules == 1)
|
||||
argv_array_push(&args, "--depth=1");
|
||||
|
||||
@ -13,6 +13,7 @@
|
||||
#include "remote.h"
|
||||
#include "refs.h"
|
||||
#include "connect.h"
|
||||
#include "dir.h"
|
||||
|
||||
static char *get_default_remote(void)
|
||||
{
|
||||
@ -623,6 +624,7 @@ static int module_clone(int argc, const char **argv, const char *prefix)
|
||||
char *p, *path = NULL, *sm_gitdir;
|
||||
struct strbuf sb = STRBUF_INIT;
|
||||
struct string_list reference = STRING_LIST_INIT_NODUP;
|
||||
int require_init = 0;
|
||||
char *sm_alternate = NULL, *error_strategy = NULL;
|
||||
|
||||
struct option module_clone_options[] = {
|
||||
@ -647,6 +649,8 @@ static int module_clone(int argc, const char **argv, const char *prefix)
|
||||
OPT__QUIET(&quiet, "Suppress output for cloning a submodule"),
|
||||
OPT_BOOL(0, "progress", &progress,
|
||||
N_("force cloning progress")),
|
||||
OPT_BOOL(0, "require-init", &require_init,
|
||||
N_("disallow cloning into non-empty directory")),
|
||||
OPT_END()
|
||||
};
|
||||
|
||||
@ -685,6 +689,8 @@ static int module_clone(int argc, const char **argv, const char *prefix)
|
||||
die(_("clone of '%s' into submodule path '%s' failed"),
|
||||
url, path);
|
||||
} else {
|
||||
if (require_init && !access(path, X_OK) && !is_empty_dir(path))
|
||||
die(_("directory not empty: '%s'"), path);
|
||||
if (safe_create_leading_directories_const(path) < 0)
|
||||
die(_("could not create directory '%s'"), path);
|
||||
strbuf_addf(&sb, "%s/index", sm_gitdir);
|
||||
@ -733,6 +739,7 @@ struct submodule_update_clone {
|
||||
int quiet;
|
||||
int recommend_shallow;
|
||||
struct string_list references;
|
||||
unsigned require_init;
|
||||
const char *depth;
|
||||
const char *recursive_prefix;
|
||||
const char *prefix;
|
||||
@ -748,7 +755,7 @@ struct submodule_update_clone {
|
||||
int failed_clones_nr, failed_clones_alloc;
|
||||
};
|
||||
#define SUBMODULE_UPDATE_CLONE_INIT {0, MODULE_LIST_INIT, 0, \
|
||||
SUBMODULE_UPDATE_STRATEGY_INIT, 0, 0, -1, STRING_LIST_INIT_DUP, \
|
||||
SUBMODULE_UPDATE_STRATEGY_INIT, 0, 0, -1, STRING_LIST_INIT_DUP, 0, \
|
||||
NULL, NULL, NULL, \
|
||||
STRING_LIST_INIT_DUP, 0, NULL, 0, 0}
|
||||
|
||||
@ -850,6 +857,8 @@ static int prepare_to_clone_next_submodule(const struct cache_entry *ce,
|
||||
argv_array_pushl(&child->args, "--prefix", suc->prefix, NULL);
|
||||
if (suc->recommend_shallow && sub->recommend_shallow == 1)
|
||||
argv_array_push(&child->args, "--depth=1");
|
||||
if (suc->require_init)
|
||||
argv_array_push(&child->args, "--require-init");
|
||||
argv_array_pushl(&child->args, "--path", sub->path, NULL);
|
||||
argv_array_pushl(&child->args, "--name", sub->name, NULL);
|
||||
argv_array_pushl(&child->args, "--url", sub->url, NULL);
|
||||
@ -992,6 +1001,8 @@ static int update_clone(int argc, const char **argv, const char *prefix)
|
||||
OPT__QUIET(&suc.quiet, N_("don't print cloning progress")),
|
||||
OPT_BOOL(0, "progress", &suc.progress,
|
||||
N_("force cloning progress")),
|
||||
OPT_BOOL(0, "require-init", &suc.require_init,
|
||||
N_("disallow cloning into non-empty directory")),
|
||||
OPT_END()
|
||||
};
|
||||
|
||||
|
||||
@ -34,6 +34,7 @@ reference=
|
||||
cached=
|
||||
recursive=
|
||||
init=
|
||||
require_init=
|
||||
files=
|
||||
remote=
|
||||
nofetch=
|
||||
@ -528,6 +529,10 @@ cmd_update()
|
||||
-i|--init)
|
||||
init=1
|
||||
;;
|
||||
--require-init)
|
||||
init=1
|
||||
require_init=1
|
||||
;;
|
||||
--remote)
|
||||
remote=1
|
||||
;;
|
||||
@ -606,6 +611,7 @@ cmd_update()
|
||||
${update:+--update "$update"} \
|
||||
${reference:+"$reference"} \
|
||||
${depth:+--depth "$depth"} \
|
||||
${require_init:+--require-init} \
|
||||
${recommend_shallow:+"$recommend_shallow"} \
|
||||
${jobs:+$jobs} \
|
||||
"$@" || echo "#unmatched" $?
|
||||
|
||||
@ -419,6 +419,7 @@ while read name path pretty; do
|
||||
(
|
||||
git init $name-$type &&
|
||||
cd $name-$type &&
|
||||
git config core.protectNTFS false &&
|
||||
echo content >file &&
|
||||
git add file &&
|
||||
git commit -m base &&
|
||||
|
||||
@ -73,4 +73,37 @@ test_expect_success 'clone evil superproject' '
|
||||
! grep "RUNNING POST CHECKOUT" output
|
||||
'
|
||||
|
||||
test_expect_success MINGW 'prevent git~1 squatting on Windows' '
|
||||
git init squatting &&
|
||||
(
|
||||
cd squatting &&
|
||||
mkdir a &&
|
||||
touch a/..git &&
|
||||
git add a/..git &&
|
||||
test_tick &&
|
||||
git commit -m initial &&
|
||||
|
||||
modules="$(test_write_lines \
|
||||
"[submodule \"b.\"]" "url = ." "path = c" \
|
||||
"[submodule \"b\"]" "url = ." "path = d\\\\a" |
|
||||
git hash-object -w --stdin)" &&
|
||||
rev="$(git rev-parse --verify HEAD)" &&
|
||||
hash="$(echo x | git hash-object -w --stdin)" &&
|
||||
git -c core.protectNTFS=false update-index --add \
|
||||
--cacheinfo 100644,$modules,.gitmodules \
|
||||
--cacheinfo 160000,$rev,c \
|
||||
--cacheinfo 160000,$rev,d\\a \
|
||||
--cacheinfo 100644,$hash,d./a/x \
|
||||
--cacheinfo 100644,$hash,d./a/..git &&
|
||||
test_tick &&
|
||||
git -c core.protectNTFS=false commit -m "module" &&
|
||||
test_must_fail git show HEAD: 2>err &&
|
||||
test_i18ngrep backslash err
|
||||
) &&
|
||||
test_must_fail git -c core.protectNTFS=false \
|
||||
clone --recurse-submodules squatting squatting-clone 2>err &&
|
||||
test_i18ngrep "directory not empty" err &&
|
||||
! grep gitdir squatting-clone/d/a/git~2
|
||||
'
|
||||
|
||||
test_done
|
||||
|
||||
@ -421,6 +421,7 @@ test_expect_success 'directory becomes symlink' '
|
||||
|
||||
test_expect_success 'fast-export quotes pathnames' '
|
||||
git init crazy-paths &&
|
||||
test_config -C crazy-paths core.protectNTFS false &&
|
||||
(cd crazy-paths &&
|
||||
blob=$(echo foo | git hash-object -w --stdin) &&
|
||||
git update-index --add \
|
||||
|
||||
@ -41,6 +41,12 @@ static int decode_tree_entry(struct tree_desc *desc, const char *buf, unsigned l
|
||||
strbuf_addstr(err, _("empty filename in tree entry"));
|
||||
return -1;
|
||||
}
|
||||
#ifdef GIT_WINDOWS_NATIVE
|
||||
if (protect_ntfs && strchr(path, '\\')) {
|
||||
strbuf_addf(err, _("filename in tree entry contains backslash: '%s'"), path);
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
len = strlen(path) + 1;
|
||||
|
||||
/* Initialize the descriptor entry */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user