| author | Johannes Sixt <j6t@kdbg.org> | 2025-05-20 08:56:09 +0200 |
|---|---|---|
| committer | Taylor Blau <me@ttaylorr.com> | 2025-05-23 17:04:31 -0400 |
| commit | 311d9ada3a7c2c49669d656a0359cc3a9ccfeeef (patch) | |
| tree | 2a415d4e14344093eda9d6e2a0daa026ae564989 /git-gui/lib/mergetool.tcl | |
| parent | Merge branch 'ml/replace-auto-execok' (diff) | |
| parent | git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls (diff) | |
Merge branch 'js/fix-open-exec'
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:
When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Diffstat (limited to 'git-gui/lib/mergetool.tcl')
| -rw-r--r-- | git-gui/lib/mergetool.tcl | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/git-gui/lib/mergetool.tcl b/git-gui/lib/mergetool.tcl
index e688b016ef..6b26726418 100644
--- a/git-gui/lib/mergetool.tcl
+++ b/git-gui/lib/mergetool.tcl
@@ -88,7 +88,7 @@ proc merge_load_stages {path cont} {
 set merge_stages(3) {}
 set merge_stages_buf {}
- set merge_stages_fd [eval git_read ls-files -u -z -- {$path}]
+ set merge_stages_fd [git_read [list ls-files -u -z -- $path]]
 fconfigure $merge_stages_fd -blocking 0 -translation binary -encoding binary
 fileevent $merge_stages_fd readable [list read_merge_stages $merge_stages_fd $cont]
@@ -293,7 +293,7 @@ proc merge_tool_get_stages {target stages} {
 foreach fname $stages {
 if {$merge_stages($i) eq {}} {
 file delete $fname
- catch { close [open $fname w] }
+ catch { close [safe_open_file $fname w] }
 } else {
 # A hack to support autocrlf properly
 git checkout-index -f --stage=$i -- $target
@@ -343,9 +343,9 @@ proc merge_tool_start {cmdline target backup stages} {
 # Force redirection to avoid interpreting output on stderr
 # as an error, and launch the tool
- lappend cmdline {2>@1}
+ set redir [list {2>@1}]
- if {[catch { set mtool_fd [_open_stdout_stderr $cmdline] } err]} {
+ if {[catch { set mtool_fd [safe_open_command $cmdline $redir] } err]} {
 delete_temp_files $mtool_tmpfiles
 error_popup [mc "Could not start the merge tool:\n\n%s" $err]
 return |
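Review bot: The bare `catch` around `close [safe_open_file $fname w]` in merge_tool_get_stages discards every error, so a refusal by safe_open_file would go unnoticed. Its definition is outside this diff, so that it can refuse a name is presumed from the commit message; if it does, the empty stage file is not created and nothing visible here stops the merge tool from being launched. Capturing and surfacing the error would make the rejection visible, e.g. `if {[catch { close [safe_open_file $fname w] } err]} { error_popup $err }`. How to abort the stage setup after that depends on the rest of the proc, which continues outside the hunk.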
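Review bot: The comment above `set redir [list {2>@1}]` in merge_tool_start explains why stderr is merged into stdout, but not why the redirection is now kept out of `$cmdline`, which is the security-relevant part of the change. A short comment such as `# keep redirections in a separate list so no word of $cmdline is parsed as one` would record the intent for later maintainers. This assumes safe_open_command, which is defined outside this diff, passes the words of `$cmdline` through literally; confirm against its definition. merge_tool_start begins and ends outside the hunk.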
