kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

verify_path: consider dos drive prefix 

If someone manage to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.

Fix it by explicitly checking for a dos drive prefix when verifying
a paht. While we're at it, make sure that paths beginning with '\' is
considered absolute as well.

Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
Erik Faye-Lund 2011-05-27 18:00:40 +02:00 committed by Junio C Hamano
parent d1c69255a1
commit 56948cb6aa
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
read-cache.c
View File

@ -774,11 +774,14 @@ int verify_path(const char *path)
{
char c;

if (has_dos_drive_prefix(path))
return 0;

goto inside;
for (;;) {
if (!c)
return 1;
if (c == '/') {
if (is_dir_sep(c)) {
inside:
c = *path++;
switch (c) {