builtin/clone: abort when hardlinked source and target file differ - git - Mirror of https://git.kernel.org/pub/scm/git/git.git/

diff options

author	Patrick Steinhardt <ps@pks.im>	2024-04-15 13:30:31 +0200
committer	Johannes Schindelin <johannes.schindelin@gmx.de>	2024-04-17 00:01:25 +0200
commit	d1bb66a546b4bb46005d17ba711caaad26f26c1e (patch)
tree	cfa3c90be2598a17fbbe09fd3caadb9aee6aacbd /t/helper/test-cache-tree.c
parent	builtin/clone: stop resolving symlinks when copying files (diff)
download	git-d1bb66a546b4bb46005d17ba711caaad26f26c1e.tar.gz git-d1bb66a546b4bb46005d17ba711caaad26f26c1e.zip

builtin/clone: abort when hardlinked source and target file differ

When performing local clones with hardlinks we refuse to copy source files which are symlinks as a mitigation for CVE-2022-39253. This check can be raced by an adversary though by changing the file to a symlink after we have checked it. Fix the issue by checking whether the hardlinked destination file matches the source file and abort in case it doesn't. This addresses CVE-2024-32021. Reported-by: Apple Product Security <product-security@apple.com> Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Diffstat (limited to 't/helper/test-cache-tree.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: