author: Erik Faye-Lund <kusmabite@gmail.com>, Fri, 27 May 2011 16:00:40 +0000 (18:00 +0200)
committer: Junio C Hamano <gitster@pobox.com>, Fri, 27 May 2011 17:59:18 +0000 (10:59 -0700)

If someone manages to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.

Fix it by explicitly checking for a dos drive prefix when verifying
a path. While we're at it, make sure that paths beginning with '\' are
considered absolute as well.

Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff --git a/read-cache.c b/read-cache.c
index 0480d9455cec042cf128e4d92bbc44a9dcc3fe32..31cf0b503adb9c9b436a74df6ab11992d863a057 100644 (file)
--- a/read-cache.c
+++ b/read-cache.c
{
char c;
+ if (has_dos_drive_prefix(path))
+ return 0;
+
goto inside;
for (;;) {
if (!c)
return 1;
- if (c == '/') {
+ if (is_dir_sep(c)) {
inside:
c = *path++;
switch (c) {
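
Review bot: the new has_dos_drive_prefix(path) check at the top of the function carries no comment, and nothing in this hunk shows whether it is a no-op on platforms where 'C:' is an ordinary file name. A one-line comment above it should say that drive-prefixed paths are rejected because they would be written outside the working directory, and state the intended behaviour on non-Windows builds. Separately, replacing "c == '/'" with "is_dir_sep(c)" applies at every separator the loop meets, not only to a leading '\': wherever is_dir_sep accepts '\', each backslash now starts a new component for the checks under the "inside:" label. The commit message only mentions paths beginning with '\', so that wider effect deserves a sentence there. The visible diff touches only read-cache.c and adds no test for either the 'C:' case or the backslash case.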