path: also guard `.gitmodules` against NTFS Alternate Data Streams

We just safe-guarded `.git` against NTFS Alternate Data Stream-related attack vectors, and now it is time to do the same for `.gitmodules`. Note: In the added regression test, we refrain from verifying all kinds of variations between short names and NTFS Alternate Data Streams: as the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it is enough to test one in order to know that all of them are guarded against. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
author: Johannes Schindelin <johannes.schindelin@gmx.de> 2019-09-18 16:33:18 +0200
committer: Edward Thomson <ethomson@edwardthomson.com> 2019-12-10 18:01:06 +1000
commit: e1832eb20a7089f6383cfce474f213157f5300cb (patch)
tree: 19b6709928397dd9a97151df753052925c0af96f /src
parent: 3f7851eadca36a99627ad78cbe56a40d3776ed01 (diff)
download: libgit2-e1832eb20a7089f6383cfce474f213157f5300cb.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/path.c b/src/path.c
index 7844da672..b3a8fc32f 100644
--- a/src/path.c
+++ b/src/path.c
@@ -1646,7 +1646,7 @@ GIT_INLINE(bool) only_spaces_and_dots(const char *path)
 	const char *c = path;
 
 	for (;; c++) {
-		if (*c == '\0')
+		if (*c == '\0' || *c == ':')
 			return true;
 		if (*c != ' ' && *c != '.')
 			return false;
author	Johannes Schindelin <johannes.schindelin@gmx.de>	2019-09-18 16:33:18 +0200
committer	Edward Thomson <ethomson@edwardthomson.com>	2019-12-10 18:01:06 +1000
commit	e1832eb20a7089f6383cfce474f213157f5300cb (patch)
tree	19b6709928397dd9a97151df753052925c0af96f /src
parent	3f7851eadca36a99627ad78cbe56a40d3776ed01 (diff)
download	libgit2-e1832eb20a7089f6383cfce474f213157f5300cb.tar.gz