6d8684161e
We need to be careful to follow proper quoting rules. For example, if an argument contains spaces, we have to quote them. Double-quotes need to be escaped. Backslashes need to be escaped, but only if they are followed by a double-quote character. We need to be _extra_ careful to consider the case where an argument ends in a backslash _and_ needs to be quoted: in this case, we append a double-quote character, i.e. the backslash now has to be escaped! The current code, however, fails to recognize that, and therefore can turn an argument that ends in a single backslash into a quoted argument that now ends in an escaped double-quote character. This allows subsequent command-line parameters to be split and part of them being mistaken for command-line options, e.g. through a maliciously-crafted submodule URL during a recursive clone. Technically, we would not need to quote _all_ arguments which end in a backslash _unless_ the argument needs to be quoted anyway. For example, `test\` would not need to be quoted, while `test \` would need to be. To keep the code simple, however, and therefore easier to reason about and ensure its correctness, we now _always_ quote an argument that ends in a backslash. This addresses CVE-2019-1350. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
||
---|---|---|
.. | ||
nedmalloc | ||
poll | ||
regex | ||
vcbuild | ||
win32 | ||
apple-common-crypto.h | ||
basename.c | ||
bswap.h | ||
cygwin.c | ||
cygwin.h | ||
fopen.c | ||
gmtime.c | ||
hstrerror.c | ||
inet_ntop.c | ||
inet_pton.c | ||
memmem.c | ||
mingw.c | ||
mingw.h | ||
mkdir.c | ||
mkdtemp.c | ||
mmap.c | ||
msvc.c | ||
msvc.h | ||
obstack.c | ||
obstack.h | ||
pread.c | ||
precompose_utf8.c | ||
precompose_utf8.h | ||
qsort_s.c | ||
qsort.c | ||
setenv.c | ||
sha1-chunked.c | ||
sha1-chunked.h | ||
snprintf.c | ||
stat.c | ||
strcasestr.c | ||
strdup.c | ||
strlcpy.c | ||
strtoimax.c | ||
strtoumax.c | ||
terminal.c | ||
terminal.h | ||
unsetenv.c | ||
win32.h | ||
win32mmap.c | ||
winansi.c |