diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2023-02-06 11:37:52 +0300 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2023-02-06 11:37:52 +0300 |
| commit | 40843216c568d39ee4d10ee256dc76de4f54f0a0 (patch) | |
| tree | c8ff30168bf8a2afbb73af194702b19082e9d036 /apply.c | |
| parent | 5c1fc48d68d78aae1a84c5b7880b7e79d3dd7c1b (diff) | |
| parent | b7a92d078b9b9a39553623815699eb029074e39d (diff) | |
Sync with 2.35.7
* maint-2.35:
Git 2.35.7
Git 2.34.7
http: support CURLOPT_PROTOCOLS_STR
http: prefer CURLOPT_SEEKFUNCTION to CURLOPT_IOCTLFUNCTION
http-push: prefer CURLOPT_UPLOAD to CURLOPT_PUT
Git 2.33.7
Git 2.32.6
Git 2.31.7
Git 2.30.8
apply: fix writing behind newly created symbolic links
dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
clone: delay picking a transport until after get_repo_path()
t5619: demonstrate clone_local() with ambiguous transport
Diffstat (limited to 'apply.c')
| -rw-r--r-- | apply.c | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -4408,6 +4408,33 @@ static int create_one_file(struct apply_state *state, if (state->cached) return 0; + /* + * We already try to detect whether files are beyond a symlink in our + * up-front checks. But in the case where symlinks are created by any + * of the intermediate hunks it can happen that our up-front checks + * didn't yet see the symlink, but at the point of arriving here there + * in fact is one. We thus repeat the check for symlinks here. + * + * Note that this does not make the up-front check obsolete as the + * failure mode is different: + * + * - The up-front checks cause us to abort before we have written + * anything into the working directory. So when we exit this way the + * working directory remains clean. + * + * - The checks here happen in the middle of the action where we have + * already started to apply the patch. The end result will be a dirty + * working directory. + * + * Ideally, we should update the up-front checks to catch what would + * happen when we apply the patch before we damage the working tree. + * We have all the information necessary to do so. But for now, as a + * part of embargoed security work, having this check would serve as a + * reasonable first step. + */ + if (path_is_beyond_symlink(state, path)) + return error(_("affected file '%s' is beyond a symbolic link"), path); + res = try_create_file(state, path, mode, buf, size); if (res < 0) return -1; |