Welcome to mirror list, hosted at ThFree Co, Russian Federation.

git.kernel.org/pub/scm/git/git.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Schindelin <johannes.schindelin@gmx.de>2019-09-16 14:26:40 +0300
committerJohannes Schindelin <johannes.schindelin@gmx.de>2019-12-04 15:23:22 +0300
commit4778452597027f6033db9f3ba6709913eadc3c8c (patch)
treec3e36cceeadde0713a1f154b075ca1176f1b4a8b
parenta7b1ad3b05fd1dc03c3de12ea4f2d8118ad24e2c (diff)
parente1d911dd4c7b76a5a8cec0f5c8de15981e34da83 (diff)
Merge branch 'prevent-name-squatting-on-windows'
This patch series fixes an issue where Git could formerly have been tricked into creating a `.git` file with an unexpected (and therefore unprotected) NTFS short name. Incidentally, it also fixes an issue where a tree entry containing a backslash could be tricked into following a symbolic link, i.e. Git could be tricked into writing files outside the worktree. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-rw-r--r--builtin/clone.c2
-rw-r--r--builtin/submodule--helper.c13
-rwxr-xr-xgit-submodule.sh6
-rwxr-xr-xt/t1450-fsck.sh1
-rwxr-xr-xt/t7415-submodule-names.sh33
-rwxr-xr-xt/t9350-fast-export.sh1
-rw-r--r--tree-walk.c6
7 files changed, 60 insertions, 2 deletions
diff --git a/builtin/clone.c b/builtin/clone.c
index f7e17d2295..44b716923f 100644
--- a/builtin/clone.c
+++ b/builtin/clone.c
@@ -757,7 +757,7 @@ static int checkout(int submodule_progress)
if (!err && (option_recurse_submodules.nr > 0)) {
struct argv_array args = ARGV_ARRAY_INIT;
- argv_array_pushl(&args, "submodule", "update", "--init", "--recursive", NULL);
+ argv_array_pushl(&args, "submodule", "update", "--require-init", "--recursive", NULL);
if (option_shallow_submodules == 1)
argv_array_push(&args, "--depth=1");
diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c
index 676cfed770..79156fac45 100644
--- a/builtin/submodule--helper.c
+++ b/builtin/submodule--helper.c
@@ -13,6 +13,7 @@
#include "remote.h"
#include "refs.h"
#include "connect.h"
+#include "dir.h"
static char *get_default_remote(void)
{
@@ -623,6 +624,7 @@ static int module_clone(int argc, const char **argv, const char *prefix)
char *p, *path = NULL, *sm_gitdir;
struct strbuf sb = STRBUF_INIT;
struct string_list reference = STRING_LIST_INIT_NODUP;
+ int require_init = 0;
char *sm_alternate = NULL, *error_strategy = NULL;
struct option module_clone_options[] = {
@@ -647,6 +649,8 @@ static int module_clone(int argc, const char **argv, const char *prefix)
OPT__QUIET(&quiet, "Suppress output for cloning a submodule"),
OPT_BOOL(0, "progress", &progress,
N_("force cloning progress")),
+ OPT_BOOL(0, "require-init", &require_init,
+ N_("disallow cloning into non-empty directory")),
OPT_END()
};
@@ -685,6 +689,8 @@ static int module_clone(int argc, const char **argv, const char *prefix)
die(_("clone of '%s' into submodule path '%s' failed"),
url, path);
} else {
+ if (require_init && !access(path, X_OK) && !is_empty_dir(path))
+ die(_("directory not empty: '%s'"), path);
if (safe_create_leading_directories_const(path) < 0)
die(_("could not create directory '%s'"), path);
strbuf_addf(&sb, "%s/index", sm_gitdir);
@@ -733,6 +739,7 @@ struct submodule_update_clone {
int quiet;
int recommend_shallow;
struct string_list references;
+ unsigned require_init;
const char *depth;
const char *recursive_prefix;
const char *prefix;
@@ -748,7 +755,7 @@ struct submodule_update_clone {
int failed_clones_nr, failed_clones_alloc;
};
#define SUBMODULE_UPDATE_CLONE_INIT {0, MODULE_LIST_INIT, 0, \
- SUBMODULE_UPDATE_STRATEGY_INIT, 0, 0, -1, STRING_LIST_INIT_DUP, \
+ SUBMODULE_UPDATE_STRATEGY_INIT, 0, 0, -1, STRING_LIST_INIT_DUP, 0, \
NULL, NULL, NULL, \
STRING_LIST_INIT_DUP, 0, NULL, 0, 0}
@@ -850,6 +857,8 @@ static int prepare_to_clone_next_submodule(const struct cache_entry *ce,
argv_array_pushl(&child->args, "--prefix", suc->prefix, NULL);
if (suc->recommend_shallow && sub->recommend_shallow == 1)
argv_array_push(&child->args, "--depth=1");
+ if (suc->require_init)
+ argv_array_push(&child->args, "--require-init");
argv_array_pushl(&child->args, "--path", sub->path, NULL);
argv_array_pushl(&child->args, "--name", sub->name, NULL);
argv_array_pushl(&child->args, "--url", sub->url, NULL);
@@ -992,6 +1001,8 @@ static int update_clone(int argc, const char **argv, const char *prefix)
OPT__QUIET(&suc.quiet, N_("don't print cloning progress")),
OPT_BOOL(0, "progress", &suc.progress,
N_("force cloning progress")),
+ OPT_BOOL(0, "require-init", &suc.require_init,
+ N_("disallow cloning into non-empty directory")),
OPT_END()
};
diff --git a/git-submodule.sh b/git-submodule.sh
index 8f260fbd9c..e4843a5874 100755
--- a/git-submodule.sh
+++ b/git-submodule.sh
@@ -34,6 +34,7 @@ reference=
cached=
recursive=
init=
+require_init=
files=
remote=
nofetch=
@@ -528,6 +529,10 @@ cmd_update()
-i|--init)
init=1
;;
+ --require-init)
+ init=1
+ require_init=1
+ ;;
--remote)
remote=1
;;
@@ -606,6 +611,7 @@ cmd_update()
${update:+--update "$update"} \
${reference:+"$reference"} \
${depth:+--depth "$depth"} \
+ ${require_init:+--require-init} \
${recommend_shallow:+"$recommend_shallow"} \
${jobs:+$jobs} \
"$@" || echo "#unmatched" $?
diff --git a/t/t1450-fsck.sh b/t/t1450-fsck.sh
index cb4b66e29d..33c955f912 100755
--- a/t/t1450-fsck.sh
+++ b/t/t1450-fsck.sh
@@ -419,6 +419,7 @@ while read name path pretty; do
(
git init $name-$type &&
cd $name-$type &&
+ git config core.protectNTFS false &&
echo content >file &&
git add file &&
git commit -m base &&
diff --git a/t/t7415-submodule-names.sh b/t/t7415-submodule-names.sh
index 75fa071c6d..7c65e7a35c 100755
--- a/t/t7415-submodule-names.sh
+++ b/t/t7415-submodule-names.sh
@@ -73,4 +73,37 @@ test_expect_success 'clone evil superproject' '
! grep "RUNNING POST CHECKOUT" output
'
+test_expect_success MINGW 'prevent git~1 squatting on Windows' '
+ git init squatting &&
+ (
+ cd squatting &&
+ mkdir a &&
+ touch a/..git &&
+ git add a/..git &&
+ test_tick &&
+ git commit -m initial &&
+
+ modules="$(test_write_lines \
+ "[submodule \"b.\"]" "url = ." "path = c" \
+ "[submodule \"b\"]" "url = ." "path = d\\\\a" |
+ git hash-object -w --stdin)" &&
+ rev="$(git rev-parse --verify HEAD)" &&
+ hash="$(echo x | git hash-object -w --stdin)" &&
+ git -c core.protectNTFS=false update-index --add \
+ --cacheinfo 100644,$modules,.gitmodules \
+ --cacheinfo 160000,$rev,c \
+ --cacheinfo 160000,$rev,d\\a \
+ --cacheinfo 100644,$hash,d./a/x \
+ --cacheinfo 100644,$hash,d./a/..git &&
+ test_tick &&
+ git -c core.protectNTFS=false commit -m "module" &&
+ test_must_fail git show HEAD: 2>err &&
+ test_i18ngrep backslash err
+ ) &&
+ test_must_fail git -c core.protectNTFS=false \
+ clone --recurse-submodules squatting squatting-clone 2>err &&
+ test_i18ngrep "directory not empty" err &&
+ ! grep gitdir squatting-clone/d/a/git~2
+'
+
test_done
diff --git a/t/t9350-fast-export.sh b/t/t9350-fast-export.sh
index 866ddf6058..e6062071e6 100755
--- a/t/t9350-fast-export.sh
+++ b/t/t9350-fast-export.sh
@@ -421,6 +421,7 @@ test_expect_success 'directory becomes symlink' '
test_expect_success 'fast-export quotes pathnames' '
git init crazy-paths &&
+ test_config -C crazy-paths core.protectNTFS false &&
(cd crazy-paths &&
blob=$(echo foo | git hash-object -w --stdin) &&
git update-index --add \
diff --git a/tree-walk.c b/tree-walk.c
index d459feda23..54ff959d7f 100644
--- a/tree-walk.c
+++ b/tree-walk.c
@@ -41,6 +41,12 @@ static int decode_tree_entry(struct tree_desc *desc, const char *buf, unsigned l
strbuf_addstr(err, _("empty filename in tree entry"));
return -1;
}
+#ifdef GIT_WINDOWS_NATIVE
+ if (protect_ntfs && strchr(path, '\\')) {
+ strbuf_addf(err, _("filename in tree entry contains backslash: '%s'"), path);
+ return -1;
+ }
+#endif
len = strlen(path) + 1;
/* Initialize the descriptor entry */