diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-03-31 00:22:41 +0100 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-04-17 22:30:24 +0200 |
| commit | 86cb6a3f059968d031fdf6ed49ab38a7ae00847f (patch) | |
| tree | 9dec3da0e9dbd56955d0a65f07016779986c88a3 /path.c | |
| parent | Merge branch 'js/github-actions-update' (diff) | |
| parent | submodule: require the submodule path to contain directories only (diff) | |
| download | git-86cb6a3f059968d031fdf6ed49ab38a7ae00847f.tar.gz git-86cb6a3f059968d031fdf6ed49ab38a7ae00847f.zip | |
Merge branch 'icasefs-symlink-confusion'
This topic branch fixes two vulnerabilities:
- Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
- Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'path.c')
| -rw-r--r-- | path.c | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -840,6 +840,7 @@ const char *enter_repo(const char *path, int strict) if (!suffix[i]) return NULL; gitfile = read_gitfile(used_path.buf); + die_upon_dubious_ownership(gitfile, NULL, used_path.buf); if (gitfile) { strbuf_reset(&used_path); strbuf_addstr(&used_path, gitfile); @@ -850,6 +851,7 @@ const char *enter_repo(const char *path, int strict) } else { const char *gitfile = read_gitfile(path); + die_upon_dubious_ownership(gitfile, NULL, path); if (gitfile) path = gitfile; if (chdir(path)) |