diff options
| author | Junio C Hamano <gitster@pobox.com> | 2018-09-27 21:35:43 +0300 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2018-09-27 21:35:43 +0300 |
| commit | 424aac653acce98f1bfb7f8b7bf36361f558472d (patch) | |
| tree | 760542d1cc64bfe430938ccd14d2f9a4eeecb5b5 | |
| parent | a42a58d7b62cc1d6301440e81a83feed9d7c118c (diff) | |
| parent | 924c623e1c71b98da608f980a97f9730c021ba44 (diff) | |
Sync with 2.15.3
* maint-2.15:
Git 2.15.3
Git 2.14.5
submodule-config: ban submodule paths that start with a dash
submodule-config: ban submodule urls that start with dash
submodule--helper: use "--" to signal end of clone options
| -rw-r--r-- | Documentation/RelNotes/2.14.5.txt | 16 | ||||
| -rw-r--r-- | Documentation/RelNotes/2.15.3.txt | 6 | ||||
| -rw-r--r-- | builtin/submodule--helper.c | 1 | ||||
| -rw-r--r-- | submodule-config.c | 10 | ||||
| -rwxr-xr-x | t/t7416-submodule-dash-url.sh | 34 | ||||
| -rwxr-xr-x | t/t7417-submodule-path-url.sh | 20 |
6 files changed, 87 insertions, 0 deletions
diff --git a/Documentation/RelNotes/2.14.5.txt b/Documentation/RelNotes/2.14.5.txt new file mode 100644 index 0000000000..130645fb29 --- /dev/null +++ b/Documentation/RelNotes/2.14.5.txt @@ -0,0 +1,16 @@ +Git v2.14.5 Release Notes +========================= + +This release is to address the recently reported CVE-2018-17456. + +Fixes since v2.14.4 +------------------- + + * Submodules' "URL"s come from the untrusted .gitmodules file, but + we blindly gave it to "git clone" to clone submodules when "git + clone --recurse-submodules" was used to clone a project that has + such a submodule. The code has been hardened to reject such + malformed URLs (e.g. one that begins with a dash). + +Credit for finding and fixing this vulnerability goes to joernchen +and Jeff King, respectively. diff --git a/Documentation/RelNotes/2.15.3.txt b/Documentation/RelNotes/2.15.3.txt new file mode 100644 index 0000000000..fd2e6f8df7 --- /dev/null +++ b/Documentation/RelNotes/2.15.3.txt @@ -0,0 +1,6 @@ +Git v2.15.3 Release Notes +========================= + +This release merges up the fixes that appear in v2.14.5 to address +the recently reported CVE-2018-17456; see the release notes for that +version for details. diff --git a/builtin/submodule--helper.c b/builtin/submodule--helper.c index 9f658a59a2..13312ac808 100644 --- a/builtin/submodule--helper.c +++ b/builtin/submodule--helper.c @@ -741,6 +741,7 @@ static int clone_submodule(const char *path, const char *gitdir, const char *url if (gitdir && *gitdir) argv_array_pushl(&cp.args, "--separate-git-dir", gitdir, NULL); + argv_array_push(&cp.args, "--"); argv_array_push(&cp.args, url); argv_array_push(&cp.args, path); diff --git a/submodule-config.c b/submodule-config.c index e5f4901212..3c40f1f1c5 100644 --- a/submodule-config.c +++ b/submodule-config.c @@ -383,6 +383,12 @@ static void warn_multiple_config(const unsigned char *treeish_name, commit_string, name, option); } +static void warn_command_line_option(const char *var, const char *value) +{ + warning(_("ignoring '%s' which may be interpreted as" + " a command-line option: %s"), var, value); +} + struct parse_config_parameter { struct submodule_cache *cache; const unsigned char *treeish_name; @@ -408,6 +414,8 @@ static int parse_config(const char *var, const char *value, void *data) if (!strcmp(item.buf, "path")) { if (!value) ret = config_error_nonbool(var); + else if (looks_like_command_line_option(value)) + warn_command_line_option(var, value); else if (!me->overwrite && submodule->path) warn_multiple_config(me->treeish_name, submodule->name, "path"); @@ -448,6 +456,8 @@ static int parse_config(const char *var, const char *value, void *data) } else if (!strcmp(item.buf, "url")) { if (!value) { ret = config_error_nonbool(var); + } else if (looks_like_command_line_option(value)) { + warn_command_line_option(var, value); } else if (!me->overwrite && submodule->url) { warn_multiple_config(me->treeish_name, submodule->name, "url"); diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh new file mode 100755 index 0000000000..459193c976 --- /dev/null +++ b/t/t7416-submodule-dash-url.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +test_description='check handling of .gitmodule url with dash' +. ./test-lib.sh + +test_expect_success 'create submodule with protected dash in url' ' + git init upstream && + git -C upstream commit --allow-empty -m base && + mv upstream ./-upstream && + git submodule add ./-upstream sub && + git add sub .gitmodules && + git commit -m submodule +' + +test_expect_success 'clone can recurse submodule' ' + test_when_finished "rm -rf dst" && + git clone --recurse-submodules . dst && + echo base >expect && + git -C dst/sub log -1 --format=%s >actual && + test_cmp expect actual +' + +test_expect_success 'remove ./ protection from .gitmodules url' ' + perl -i -pe "s{\./}{}" .gitmodules && + git commit -am "drop protection" +' + +test_expect_success 'clone rejects unprotected dash' ' + test_when_finished "rm -rf dst" && + test_must_fail git clone --recurse-submodules . dst 2>err && + test_i18ngrep ignoring err +' + +test_done diff --git a/t/t7417-submodule-path-url.sh b/t/t7417-submodule-path-url.sh new file mode 100755 index 0000000000..638293f0da --- /dev/null +++ b/t/t7417-submodule-path-url.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +test_description='check handling of .gitmodule path with dash' +. ./test-lib.sh + +test_expect_success 'create submodule with dash in path' ' + git init upstream && + git -C upstream commit --allow-empty -m base && + git submodule add ./upstream sub && + git mv sub ./-sub && + git commit -m submodule +' + +test_expect_success 'clone rejects unprotected dash' ' + test_when_finished "rm -rf dst" && + git clone --recurse-submodules . dst 2>err && + test_i18ngrep ignoring err +' + +test_done |