diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-09-18 16:33:18 +0200 |
|---|---|---|
| committer | Edward Thomson <ethomson@edwardthomson.com> | 2019-12-10 18:01:06 +1000 |
| commit | e1832eb20a7089f6383cfce474f213157f5300cb (patch) | |
| tree | 19b6709928397dd9a97151df753052925c0af96f /tests | |
| parent | 3f7851eadca36a99627ad78cbe56a40d3776ed01 (diff) | |
| download | libgit2-e1832eb20a7089f6383cfce474f213157f5300cb.tar.gz | |
path: also guard `.gitmodules` against NTFS Alternate Data Streams
We just safe-guarded `.git` against NTFS Alternate Data Stream-related
attack vectors, and now it is time to do the same for `.gitmodules`.
Note: In the added regression test, we refrain from verifying all kinds
of variations between short names and NTFS Alternate Data Streams: as
the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
is enough to test one in order to know that all of them are guarded
against.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/path/dotgit.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/path/dotgit.c b/tests/path/dotgit.c index 309966945..ceb7330d2 100644 --- a/tests/path/dotgit.c +++ b/tests/path/dotgit.c @@ -116,4 +116,5 @@ void test_path_dotgit__dotgit_modules_symlink(void) cl_assert_equal_b(true, git_path_isvalid(NULL, ".gitmodules", 0, GIT_PATH_REJECT_DOT_GIT_HFS|GIT_PATH_REJECT_DOT_GIT_NTFS)); cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_HFS)); cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS)); + cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules . .::$DATA", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS)); } |