diff options
author | Erik Faye-Lund <kusmabite@gmail.com> | 2011-05-27 18:00:40 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2011-05-27 19:59:18 +0200 |
commit | 56948cb6aa8189e3b77c700119d179172e0f8c4a (patch) | |
tree | 72aedbd05bfbe0621077b69aa846b4c95ba23170 /read-cache.c | |
parent | real_path: do not assume '/' is the path seperator (diff) | |
download | git-56948cb6aa8189e3b77c700119d179172e0f8c4a.tar.xz git-56948cb6aa8189e3b77c700119d179172e0f8c4a.zip |
verify_path: consider dos drive prefix
If someone manage to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.
Fix it by explicitly checking for a dos drive prefix when verifying
a paht. While we're at it, make sure that paths beginning with '\' is
considered absolute as well.
Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'read-cache.c')
-rw-r--r-- | read-cache.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/read-cache.c b/read-cache.c index 0480d9455c..31cf0b503a 100644 --- a/read-cache.c +++ b/read-cache.c @@ -774,11 +774,14 @@ int verify_path(const char *path) { char c; + if (has_dos_drive_prefix(path)) + return 0; + goto inside; for (;;) { if (!c) return 1; - if (c == '/') { + if (is_dir_sep(c)) { inside: c = *path++; switch (c) { |