From e693237e2ba27b6129e8af7f6a794f5c2fbd26f3 Mon Sep 17 00:00:00 2001 From: Christian Couder Date: Wed, 29 May 2019 14:44:32 +0200 Subject: list-objects-filter: disable 'sparse:path' filters If someone wants to use as a filter a sparse file that is in the repository, something like "--filter=sparse:oid=:" already works. So 'sparse:path' is only interesting if the sparse file is not in the repository. In this case though the current implementation has a big security issue, as it makes it possible to ask the server to read any file, like for example /etc/password, and to explore the filesystem, as well as individual lines of files. If someone is interested in using a sparse file that is not in the repository as a filter, then at the minimum a config option, such as "uploadpack.sparsePathFilter", should be implemented first to restrict the directory from which the files specified by 'sparse:path' can be read. For now though, let's just disable 'sparse:path' filters. Helped-by: Matthew DeVore Helped-by: Jeff Hostetler Signed-off-by: Christian Couder Signed-off-by: Junio C Hamano
---
list-objects-filter.c | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'list-objects-filter.c')
diff --git a/list-objects-filter.c b/list-objects-filter.c
index ee449de3f7..53f90442c5 100644
--- a/list-objects-filter.c
+++ b/list-objects-filter.c
@@ -478,27 +478,6 @@ static void *filter_sparse_oid__init(
 return d;
 }
 
-static void *filter_sparse_path__init(
- struct oidset *omitted,
- struct list_objects_filter_options *filter_options,
- filter_object_fn *filter_fn,
- filter_free_fn *filter_free_fn)
-{
- struct filter_sparse_data *d = xcalloc(1, sizeof(*d));
- d->omits = omitted;
- if (add_excludes_from_file_to_list(filter_options->sparse_path_value,
- NULL, 0, &d->el, NULL) < 0)
- die("could not load filter specification");
-
- ALLOC_GROW(d->array_frame, d->nr + 1, d->alloc);
- d->array_frame[d->nr].defval = 0; /* default to include */
- d->array_frame[d->nr].child_prov_omit = 0;
-
- *filter_fn = filter_sparse;
- *filter_free_fn = filter_sparse_free;
- return d;
-}
-
 typedef void *(*filter_init_fn)(
 struct oidset *omitted,
 struct list_objects_filter_options *filter_options,
@@ -514,7 +493,6 @@ static filter_init_fn s_filters[] = {
 filter_blobs_limit__init,
 filter_trees_depth__init,
 filter_sparse_oid__init,
- filter_sparse_path__init,
 };
 
 void *list_objects_filter__init(
--
cgit v1.2.3