diff options
author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-09-12 14:54:05 +0200 |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-12-04 13:20:05 +0100 |
commit | e1d911dd4c7b76a5a8cec0f5c8de15981e34da83 (patch) | |
tree | c3e36cceeadde0713a1f154b075ca1176f1b4a8b /tree-walk.c | |
parent | 0060fd1511b94c918928fa3708f69a3f33895a4a (diff) | |
download | git-e1d911dd4c7b76a5a8cec0f5c8de15981e34da83.tar.gz |
mingw: disallow backslash characters in tree objects' file names
The backslash character is not a valid part of a file name on Windows.
Hence it is dangerous to allow writing files that were unpacked from
tree objects, when the stored file name contains a backslash character:
it will be misinterpreted as directory separator.
This not only causes ambiguity when a tree contains a blob `a\b` and a
tree `a` that contains a blob `b`, but it also can be used as part of an
attack vector to side-step the careful protections against writing into
the `.git/` directory during a clone of a maliciously-crafted
repository.
Let's prevent that, addressing CVE-2019-1354.
Note: we guard against backslash characters in tree objects' file names
_only_ on Windows (because on other platforms, even on those where NTFS
volumes can be mounted, the backslash character is _not_ a directory
separator), and _only_ when `core.protectNTFS = true` (because users
might need to generate tree objects for other platforms, of course
without touching the worktree, e.g. using `git update-index
--cacheinfo`).
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'tree-walk.c')
-rw-r--r-- | tree-walk.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tree-walk.c b/tree-walk.c index d459feda23..54ff959d7f 100644 --- a/tree-walk.c +++ b/tree-walk.c @@ -41,6 +41,12 @@ static int decode_tree_entry(struct tree_desc *desc, const char *buf, unsigned l strbuf_addstr(err, _("empty filename in tree entry")); return -1; } +#ifdef GIT_WINDOWS_NATIVE + if (protect_ntfs && strchr(path, '\\')) { + strbuf_addf(err, _("filename in tree entry contains backslash: '%s'"), path); + return -1; + } +#endif len = strlen(path) + 1; /* Initialize the descriptor entry */ |