diff options
| author | Junio C Hamano <gitster@pobox.com> | 2021-04-08 22:23:26 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2021-04-08 22:23:26 +0200 |
| commit | bde35a2a9334b27451d2cd7b175f9cafa7e68598 (patch) | |
| tree | 4e202e0fbf0b247708024b7362227e30c131c683 /daemon.c | |
| parent | Merge branch 'en/ort-perf-batch-9' (diff) | |
| parent | daemon: sanitize all directory separators (diff) | |
| download | git-bde35a2a9334b27451d2cd7b175f9cafa7e68598.tar.xz git-bde35a2a9334b27451d2cd7b175f9cafa7e68598.zip | |
Merge branch 'rs/daemon-sanitize-dir-sep'
"git daemon" has been tightened against systems that take backslash
as directory separator.
* rs/daemon-sanitize-dir-sep:
daemon: sanitize all directory separators
Diffstat (limited to 'daemon.c')
| -rw-r--r-- | daemon.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host, /* * Sanitize a string from the client so that it's OK to be inserted into a - * filesystem path. Specifically, we disallow slashes, runs of "..", and - * trailing and leading dots, which means that the client cannot escape - * our base path via ".." traversal. + * filesystem path. Specifically, we disallow directory separators, runs + * of "..", and trailing and leading dots, which means that the client + * cannot escape our base path via ".." traversal. */ static void sanitize_client(struct strbuf *out, const char *in) { for (; *in; in++) { - if (*in == '/') + if (is_dir_sep(*in)) continue; if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.')) continue; |