From cdff2f0237f663e0f68155655a8b66d05c1ec716 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Mon, 13 Jun 2022 21:34:01 -0400 Subject: repo: allow administrator to own the configuration Update our ownership checks that were introduced in libgit2 v1.4.3 (to combat CVE 2022-24765). These were not compatible with git's; git itself allows administrators to own the path. Our checks now match this behavior. --- src/libgit2/repository.c | 2 +- tests/libgit2/repo/open.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/libgit2/repository.c b/src/libgit2/repository.c index 48a0b70f5..d2484318f 100644 --- a/src/libgit2/repository.c +++ b/src/libgit2/repository.c @@ -512,7 +512,7 @@ static int validate_ownership(const char *repo_path) bool is_safe; int error; - if ((error = git_fs_path_owner_is_current_user(&is_safe, repo_path)) < 0) { + if ((error = git_fs_path_owner_is_system_or_current_user(&is_safe, repo_path)) < 0) { if (error == GIT_ENOTFOUND) error = 0; diff --git a/tests/libgit2/repo/open.c b/tests/libgit2/repo/open.c index 4b6609a81..5c66eca4b 100644 --- a/tests/libgit2/repo/open.c +++ b/tests/libgit2/repo/open.c @@ -484,9 +484,10 @@ void test_repo_open__validates_dir_ownership(void) cl_git_pass(git_repository_open(&repo, "empty_standard_repo")); git_repository_free(repo); - /* When the system user owns the repo config, fail */ + /* When the system user owns the repo config, also acceptable */ git_fs_path__set_owner(GIT_FS_PATH_MOCK_OWNER_SYSTEM); - cl_git_fail(git_repository_open(&repo, "empty_standard_repo")); + cl_git_pass(git_repository_open(&repo, "empty_standard_repo")); + git_repository_free(repo); /* When an unknown user owns the repo config, fail */ git_fs_path__set_owner(GIT_FS_PATH_MOCK_OWNER_OTHER); -- cgit v1.2.1