path: root/tests/bad-filenames
Commit message | Author | Age | Files | Lines
* maint: update all copyright year number ranges | Jim Meyering | 2012-01-01 | 1 | -1/+1
    Run "make update-copyright".
* don't warn twice about the same invalid file name | Jim Meyering | 2011-02-17 | 1 | -0/+24
    * src/pch.c (name_is_valid): Don't warn about the same name twice.
    * tests/bad-filenames (emit_patch): Exercise the new code.
* Ignore dangerous filenames instead of failing immediately | Andreas Gruenbacher | 2011-02-16 | 1 | -15/+82
    * src/pch.c (name_is_valid): New function.
    (intuit_diff_type, best_name): Use name_is_valid() here.
    (strip_leading_slashes): Remove name validation tests from here.
    * tests/bad-filenames: Add more tests for covering more of the file name
    guessing corner cases in intuit_diff_type(), update the existing tests.
    * NEWS: Update.
* Do not let a malicious patch create files above current directory | Jim Meyering | 2011-02-03 | 1 | -0/+49
    This addresses CVE-2010-4651, reported by Jakub Wilk.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4651
    * src/util.c (strip_leading_slashes): Reject absolute file names
    and file names containing a component of "..".
    * tests/bad-filenames: New file. Test for this.
    * tests/Makefile.am (TESTS): Add it.
    Improvements by Andreas Gruenbacher.