verify_path: consider dos drive prefix
If someone manages to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.

Fix it by explicitly checking for a dos drive prefix when verifying
a path. While we're at it, make sure that paths beginning with '\' are
considered absolute as well.

Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Erik Faye-Lund authored and Junio C Hamano committed May 27, 2011
1 parent d1c6925 commit 56948cb
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion read-cache.c
Expand Up @@ -774,11 +774,14 @@ int verify_path(const char *path)
{
char c;

if (has_dos_drive_prefix(path))
return 0;

goto inside;
for (;;) {
if (!c)
return 1;
if (c == '/') {
if (is_dir_sep(c)) {
inside:
c = *path++;
switch (c) {
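Review bot: the switch from `c == '/'` to `is_dir_sep(c)` sits inside the `for (;;)` loop, so it changes how every component boundary in the path is recognised, not only a leading '\' as the commit message describes. Wherever is_dir_sep() accepts a backslash, the per-component checks in the `switch (c)` under `inside:` now also run after each backslash; that looks like the right behaviour, but it is a wider change than "paths beginning with '\'" and should be stated in the message or in a comment above the loop. The early `return 0` after `has_dos_drive_prefix(path)` would also benefit from a one-line comment saying why a drive prefix is rejected here, and since the commit touches only read-cache.c, a test that feeds verify_path a 'C:' entry and a backslash-led entry would pin both rejections.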