kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity
Browse Source

fsck: reject submodule.update = !command in .gitmodules 

This allows hosting providers to detect whether they are being used
to attack users using malicious 'update = !command' settings in
.gitmodules.

Since ac1fbbda20 (submodule: do not copy unknown update mode from
.gitmodules, 2013-12-02), in normal cases such settings have been
treated as 'update = none', so forbidding them should not produce any
collateral damage to legitimate uses.  A quick search does not reveal
any repositories making use of this construct, either.

Reported-by: Joern Schneeweisz <jschneeweisz@gitlab.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
maint
Jonathan Nieder 5 years ago committed by Johannes Schindelin
parent
bdfef0492c
commit
bb92255ebe
2 changed files with 21 additions and 0 deletions
Split View
  1. 7
      fsck.c
  2. 14
      t/t7406-submodule-update.sh

7
fsck.c
Unescape View File

@ -66,6 +66,7 @@ static struct oidset gitmodules_done = OIDSET_INIT; @@ -66,6 +66,7 @@ static struct oidset gitmodules_done = OIDSET_INIT;
FUNC(GITMODULES_SYMLINK, ERROR) \
FUNC(GITMODULES_URL, ERROR) \
FUNC(GITMODULES_PATH, ERROR) \
FUNC(GITMODULES_UPDATE, ERROR) \
/* warnings */ \
FUNC(BAD_FILEMODE, WARN) \
FUNC(EMPTY_NAME, WARN) \
@ -975,6 +976,12 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata) @@ -975,6 +976,12 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
FSCK_MSG_GITMODULES_PATH,
"disallowed submodule path: %s",
value);
if (!strcmp(key, "update") && value &&
parse_submodule_update_type(value) == SM_UPDATE_COMMAND)
data->ret |= report(data->options, data->obj,
FSCK_MSG_GITMODULES_UPDATE,
"disallowed submodule update setting: %s",
value);
free(name);

return 0;

14
t/t7406-submodule-update.sh
Unescape View File

@ -414,6 +414,20 @@ test_expect_success 'submodule update - command in .gitmodules is rejected' ' @@ -414,6 +414,20 @@ test_expect_success 'submodule update - command in .gitmodules is rejected' '
test_must_fail git -C super submodule update submodule
'

test_expect_success 'fsck detects command in .gitmodules' '
git init command-in-gitmodules &&
(
cd command-in-gitmodules &&
git submodule add ../submodule submodule &&
test_commit adding-submodule &&

git config -f .gitmodules submodule.submodule.update "!false" &&
git add .gitmodules &&
test_commit configuring-update &&
test_must_fail git fsck
)
'

cat << EOF >expect
Execution of 'false $submodulesha1' failed in submodule path 'submodule'
EOF

Write Preview
Loading…
Cancel
Save