From 91bd46588e6959e6903e275f78b10bd07830d547 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Wed, 28 Aug 2019 12:22:17 +0200
Subject: path: also guard `.gitmodules` against NTFS Alternate Data Streams

We just safe-guarded `.git` against NTFS Alternate Data Stream-related
attack vectors, and now it is time to do the same for `.gitmodules`.

Note: In the added regression test, we refrain from verifying all kinds
of variations between short names and NTFS Alternate Data Streams: as
the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
is enough to test one in order to know that all of them are guarded
against.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 path.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'path.c')

diff --git a/path.c b/path.c
index e39ecf4689..2037e2d8c1 100644
--- a/path.c
+++ b/path.c
@@ -1369,7 +1369,7 @@ static int is_ntfs_dot_generic(const char *name,
 only_spaces_and_periods:
 		for (;;) {
 			char c = name[i++];
-			if (!c)
+			if (!c || c == ':')
 				return 1;
 			if (c != ' ' && c != '.')
 				return 0;
-- 
cgit v1.2.3