From: Erik Faye-Lund Date: Fri, 27 May 2011 16:00:40 +0000 (+0200) Subject: verify_path: consider dos drive prefix X-Git-Tag: v1.7.7-rc0~117^2~2 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=56948cb6aa8189e3b77c700119d179172e0f8c4a;p=git.git verify_path: consider dos drive prefix If someone manage to create a repo with a 'C:' entry in the root-tree, files can be written outside of the working-dir. This opens up a can-of-worms of exploits. Fix it by explicitly checking for a dos drive prefix when verifying a paht. While we're at it, make sure that paths beginning with '\' is considered absolute as well. Noticed-by: Theo Niessink Signed-off-by: Erik Faye-Lund Signed-off-by: Junio C Hamano --- diff --git a/read-cache.c b/read-cache.c index 0480d9455..31cf0b503 100644 --- a/read-cache.c +++ b/read-cache.c @@ -774,11 +774,14 @@ int verify_path(const char *path) { char c; + if (has_dos_drive_prefix(path)) + return 0; + goto inside; for (;;) { if (!c) return 1; - if (c == '/') { + if (is_dir_sep(c)) { inside: c = *path++; switch (c) {