| author | Junio C Hamano <junkio@cox.net> | 2005-04-16 21:29:45 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 21:29:45 -0700 |
| commit | 9bd94cafdf104e613d7609401e60711cd08e209c (patch) | |
| tree | 2660be985a85b5a96b9de69050375ac5e436c957 /commit-tree.c | |
| parent | [PATCH] show-diff -z option for machine readable output. (diff) | |

[PATCH] show-diff shell safety

The command line for running "diff" command is built without
taking shell metacharacters into account. A malicious dircache
entry "foo 2>bar" (yes, a filename with space) would result in
creating a file called "bar" with the error message "diff: foo:
No such file or directory" in it.

This is not just a user screwing over himself. Such a dircache
can be created as a result of a merge with tree from others.

Here is a fix.

Signed-off-by: Junio C Hamano <junkio@cox.net>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

Diffstat (limited to 'commit-tree.c')
0 files changed, 0 insertions, 0 deletions
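
The quoting problem described in the commit message, shown as an added example (this is not git's code and not the patch from this commit): a filename is wrapped in single quotes before it is placed in a shell command line, so "foo 2>bar" reaches diff as one literal argument. The helper names `sh_single_quote` and `build_diff_cmd` and the exact `diff` command format are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not git's own code): return a malloc'd copy of
 * src wrapped in single quotes so that /bin/sh treats it as one literal
 * word. Inside single quotes only ' itself is special, so each ' becomes
 * '\'' (close quote, backslash-escaped quote, reopen quote). */
char *sh_single_quote(const char *src)
{
    size_t len = 2; /* opening and closing quote */
    const char *p;
    char *out, *q;

    for (p = src; *p; p++)
        len += (*p == '\'') ? 4 : 1;
    out = malloc(len + 1);
    if (!out)
        return NULL;
    q = out;
    *q++ = '\'';
    for (p = src; *p; p++) {
        if (*p == '\'') {
            memcpy(q, "'\\''", 4);
            q += 4;
        } else {
            *q++ = *p;
        }
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Build a command line for popen()/system() into buf. The command
 * format is an assumption for this example. Returns 0 on success,
 * -1 if allocation fails or the quoted name does not fit in buf. */
int build_diff_cmd(char *buf, size_t size, const char *name)
{
    char *quoted = sh_single_quote(name);
    int n;

    if (!quoted)
        return -1;
    n = snprintf(buf, size, "diff -u -- %s -", quoted);
    free(quoted);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}
```

Failing on truncation matters here: a command line cut off in the middle of a quoted name would leave the quote unterminated.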
