kernel
/
git
mirror of https://git.kernel.org/pub/scm/git/git.git
1
0
Fork 0
Code Releases Activity

Merge branch 'en/fast-import-verify-path' 

"git fast-import" learned to reject paths with ".."  and "." as
their components to avoid creating invalid tree objects.

* en/fast-import-verify-path:
  t9300: test verification of renamed paths
  fast-import: disallow more path components
  fast-import: disallow "." and ".." path components
maint
Junio C Hamano 2024-12-13 07:33:40 -08:00
parent 90bf05e45a 8cb4c6e62f
commit e56c283c15
3 changed files with 117 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/fast-import.c
View File

@ -13,6 +13,7 @@
#include "delta.h" #include "delta.h"
#include "pack.h" #include "pack.h"
#include "path.h" #include "path.h"
#include "read-cache-ll.h"
#include "refs.h" #include "refs.h"
#include "csum-file.h" #include "csum-file.h"
#include "quote.h" #include "quote.h"
@ -2425,6 +2426,9 @@ static void file_change_m(const char *p, struct branch *b)
tree_content_replace(&b->branch_tree, &oid, mode, NULL); tree_content_replace(&b->branch_tree, &oid, mode, NULL);
return; return;
} }

if (!verify_path(path.buf, mode))
die("invalid path '%s'", path.buf);
tree_content_set(&b->branch_tree, path.buf, &oid, mode, NULL); tree_content_set(&b->branch_tree, path.buf, &oid, mode, NULL);
} }


@ -2462,6 +2466,8 @@ static void file_change_cr(const char *p, struct branch *b, int rename)
leaf.tree); leaf.tree);
return; return;
} }
if (!verify_path(dest.buf, leaf.versions[1].mode))
die("invalid path '%s'", dest.buf);
tree_content_set(&b->branch_tree, dest.buf, tree_content_set(&b->branch_tree, dest.buf,
&leaf.versions[1].oid, &leaf.versions[1].oid,
leaf.versions[1].mode, leaf.versions[1].mode,

113
t/t9300-fast-import.sh
View File

@ -521,6 +521,113 @@ test_expect_success 'B: fail on invalid committer (5)' '
test_must_fail git fast-import <input test_must_fail git fast-import <input
' '


test_expect_success 'B: fail on invalid file path of ..' '
cat >input <<-INPUT_END &&
blob
mark :1
data <<EOF
File contents
EOF

commit refs/heads/badpath
committer Name <email> $GIT_COMMITTER_DATE
data <<COMMIT
Commit Message
COMMIT
M 100644 :1 ../invalid-path
INPUT_END

test_when_finished "git update-ref -d refs/heads/badpath" &&
test_must_fail git fast-import <input
'

test_expect_success 'B: fail on invalid file path of .' '
cat >input <<-INPUT_END &&
blob
mark :1
data <<EOF
File contents
EOF

commit refs/heads/badpath
committer Name <email> $GIT_COMMITTER_DATE
data <<COMMIT
Good path
COMMIT
M 100644 :1 ok-path

commit refs/heads/badpath
committer Name <email> $GIT_COMMITTER_DATE
data <<COMMIT
Bad path
COMMIT
R ok-path ./invalid-path
INPUT_END

test_when_finished "git update-ref -d refs/heads/badpath" &&
test_must_fail git fast-import <input
'

test_expect_success WINDOWS 'B: fail on invalid file path of C:' '
cat >input <<-INPUT_END &&
blob
mark :1
data <<EOF
File contents
EOF

commit refs/heads/badpath
committer Name <email> $GIT_COMMITTER_DATE
data <<COMMIT
Commit Message
COMMIT
M 100644 :1 C:/invalid-path
INPUT_END

test_when_finished "git update-ref -d refs/heads/badpath" &&
test_must_fail git fast-import <input
'

test_expect_success 'B: fail on invalid file path of .git' '
cat >input <<-INPUT_END &&
blob
mark :1
data <<EOF
File contents
EOF

commit refs/heads/badpath
committer Name <email> $GIT_COMMITTER_DATE
data <<COMMIT
Commit Message
COMMIT
M 100644 :1 .git/invalid-path
INPUT_END

test_when_finished "git update-ref -d refs/heads/badpath" &&
test_must_fail git fast-import <input
'

test_expect_success 'B: fail on invalid file path of .gitmodules' '
cat >input <<-INPUT_END &&
blob
mark :1
data <<EOF
File contents
EOF

commit refs/heads/badpath
committer Name <email> $GIT_COMMITTER_DATE
data <<COMMIT
Commit Message
COMMIT
M 120000 :1 .gitmodules
INPUT_END

test_when_finished "git update-ref -d refs/heads/badpath" &&
test_must_fail git fast-import <input
'

### ###
### series C ### series C
### ###
@ -945,7 +1052,7 @@ test_expect_success 'L: verify internal tree sorting' '
:100644 100644 M ba :100644 100644 M ba
EXPECT_END EXPECT_END


git fast-import <input && git -c core.protectNTFS=false fast-import <input &&
GIT_PRINT_SHA1_ELLIPSIS="yes" git diff-tree --abbrev --raw L^ L >output && GIT_PRINT_SHA1_ELLIPSIS="yes" git diff-tree --abbrev --raw L^ L >output &&
cut -d" " -f1,2,5 output >actual && cut -d" " -f1,2,5 output >actual &&
test_cmp expect actual test_cmp expect actual
@ -3096,7 +3203,7 @@ test_path_eol_success () {
test_expect_success "S: paths at EOL with $test must work" ' test_expect_success "S: paths at EOL with $test must work" '
test_when_finished "git branch -D S-path-eol" && test_when_finished "git branch -D S-path-eol" &&


git fast-import --export-marks=marks.out <<-EOF >out 2>err && git -c core.protectNTFS=false fast-import --export-marks=marks.out <<-EOF >out 2>err &&
blob blob
mark :401 mark :401
data <<BLOB data <<BLOB
@ -3205,7 +3312,7 @@ test_path_space_success () {
test_expect_success "S: paths before space with $test must work" ' test_expect_success "S: paths before space with $test must work" '
test_when_finished "git branch -D S-path-space" && test_when_finished "git branch -D S-path-space" &&


git fast-import --export-marks=marks.out <<-EOF 2>err && git -c core.protectNTFS=false fast-import --export-marks=marks.out <<-EOF 2>err &&
blob blob
mark :401 mark :401
data <<BLOB data <<BLOB

2
t/t9350-fast-export.sh
View File

@ -631,7 +631,7 @@ test_expect_success 'fast-export quotes pathnames' '
git rev-list HEAD >expect && git rev-list HEAD >expect &&
git init result && git init result &&
cd result && cd result &&
git fast-import <../export.out && git -c core.protectNTFS=false fast-import <../export.out &&
git rev-list HEAD >actual && git rev-list HEAD >actual &&
test_cmp ../expect actual test_cmp ../expect actual
) )