author | Erik Faye-Lund <kusmabite@gmail.com> | Fri, 27 May 2011 16:00:40 +0000 (18:00 +0200)
committer | Junio C Hamano <gitster@pobox.com> | Fri, 27 May 2011 17:59:18 +0000 (10:59 -0700)
commit | 56948cb6aa8189e3b77c700119d179172e0f8c4a
tree | 72aedbd05bfbe0621077b69aa846b4c95ba23170
parent | d1c69255a1014ccaeb9841f2114e20f048556391
verify_path: consider dos drive prefix

If someone manages to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.

Fix it by explicitly checking for a dos drive prefix when verifying
a path. While we're at it, make sure that paths beginning with '\' are
considered absolute as well.

Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
read-cache.c
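
The check the commit message describes, as an added example (this is not the code from read-cache.c or from the git project): a validator that refuses tree entry names starting with a DOS drive prefix or with a leading '/' or '\'. The helper names are hypothetical, Windows separator semantics are assumed, and the sketch goes one step beyond the message by also rejecting empty, "." and ".." components.

```c
#include <ctype.h>
#include <stdio.h>

/* Assumption: Windows semantics, where both '/' and '\' separate components. */
static int is_sep(char c)
{
	return c == '/' || c == '\\';
}

/* "C:" style prefix: one ASCII letter followed by a colon. */
static int has_dos_drive_prefix(const char *p)
{
	return isalpha((unsigned char)p[0]) && p[1] == ':';
}

/* Empty, "." and ".." components are never valid in an entry name. */
static int component_ok(const char *s, size_t n)
{
	return n != 0 && !(s[0] == '.' && (n == 1 || (n == 2 && s[1] == '.')));
}

/* Hypothetical helper: 1 if the name can only resolve inside the worktree. */
int entry_path_is_safe(const char *path)
{
	const char *start = path;

	if (!path || !*path || has_dos_drive_prefix(path) || is_sep(path[0]))
		return 0;
	for (;; path++) {
		if (*path && !is_sep(*path))
			continue;
		if (!component_ok(start, (size_t)(path - start)))
			return 0;
		if (!*path)
			return 1;
		start = path + 1;
	}
}

int main(void)
{
	/* Constructed sample entry names, not taken from any real repository. */
	const char *samples[] = { "src/main.c", "c/file", "C:", "c:/Windows/x",
				  "\\tmp\\x", "/etc/passwd", "a/../b" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-14s %s\n", samples[i],
		       entry_path_is_safe(samples[i]) ? "ok" : "rejected");
	return 0;
}
```

A one-letter directory such as `c/file` is still accepted; only a letter immediately followed by ':' at the start of the name is treated as a drive prefix.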