diff options
author | Junio C Hamano <gitster@pobox.com> | 2023-06-21 01:53:12 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2023-06-21 01:53:13 +0300 |
commit | 9cd234e6465ab2bea5c402f0d9ee1495501250ef (patch) | |
tree | a49e3100d91ff919f5ff7bfdcf9c665dcc6408a2 | |
parent | 098a191a9705b013850dc64381ed9a5ca7ac0f80 (diff) | |
parent | fbc806acd106ee1c05fd0a0a83b7c59aa79629d8 (diff) |
Merge branch 'tb/submodule-null-deref-fix'
"git submodule" code trusted the data coming from the config (and
the in-tree .gitmodules file) too much without validating, leading
to NULL dereference if the user mucks with a repository (e.g.
submodule.<name>.url is removed). This has been corrected.
* tb/submodule-null-deref-fix:
builtin/submodule--helper.c: handle missing submodule URLs
-rw-r--r-- | builtin/submodule--helper.c | 7 | ||||
-rwxr-xr-x | t/t7400-submodule-basic.sh | 16 |
2 files changed, 21 insertions, 2 deletions
diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c index 6bf8d666ce..6a16208e8a 100644 --- a/builtin/submodule--helper.c +++ b/builtin/submodule--helper.c @@ -2024,14 +2024,17 @@ static int prepare_to_clone_next_submodule(const struct cache_entry *ce, strbuf_reset(&sb); strbuf_addf(&sb, "submodule.%s.url", sub->name); if (repo_config_get_string_tmp(the_repository, sb.buf, &url)) { - if (starts_with_dot_slash(sub->url) || - starts_with_dot_dot_slash(sub->url)) { + if (sub->url && (starts_with_dot_slash(sub->url) || + starts_with_dot_dot_slash(sub->url))) { url = resolve_relative_url(sub->url, NULL, 0); need_free_url = 1; } else url = sub->url; } + if (!url) + die(_("cannot clone submodule '%s' without a URL"), sub->name); + strbuf_reset(&sb); strbuf_addf(&sb, "%s/.git", ce->name); needs_cloning = !file_exists(sb.buf); diff --git a/t/t7400-submodule-basic.sh b/t/t7400-submodule-basic.sh index eae6a46ef3..d9fbabb2b9 100755 --- a/t/t7400-submodule-basic.sh +++ b/t/t7400-submodule-basic.sh @@ -1351,6 +1351,22 @@ test_expect_success 'clone active submodule without submodule url set' ' ) ' +test_expect_success 'update submodules without url set in .gitconfig' ' + test_when_finished "rm -rf multisuper_clone" && + git clone file://"$pwd"/multisuper multisuper_clone && + + git -C multisuper_clone submodule init && + for s in sub0 sub1 sub2 sub3 + do + key=submodule.$s.url && + git -C multisuper_clone config --local --unset $key && + git -C multisuper_clone config --file .gitmodules --unset $key || return 1 + done && + + test_must_fail git -C multisuper_clone submodule update 2>err && + grep "cannot clone submodule .sub[0-3]. without a URL" err +' + test_expect_success 'clone --recurse-submodules with a pathspec works' ' test_when_finished "rm -rf multisuper_clone" && cat >expected <<-\EOF && |