Commit ac0b2ef1 by Johannes Schindelin Committed by Patrick Steinhardt

path: also guard `.gitmodules` against NTFS Alternate Data Streams

We just safe-guarded `.git` against NTFS Alternate Data Stream-related
attack vectors, and now it is time to do the same for `.gitmodules`.

Note: In the added regression test, we refrain from verifying all kinds
of variations between short names and NTFS Alternate Data Streams: as
the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
is enough to test one in order to know that all of them are guarded
against.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
parent 460a9fdc
...@@ -1631,7 +1631,7 @@ GIT_INLINE(bool) only_spaces_and_dots(const char *path) ...@@ -1631,7 +1631,7 @@ GIT_INLINE(bool) only_spaces_and_dots(const char *path)
const char *c = path; const char *c = path;
for (;; c++) { for (;; c++) {
if (*c == '\0') if (*c == '\0' || *c == ':')
return true; return true;
if (*c != ' ' && *c != '.') if (*c != ' ' && *c != '.')
return false; return false;
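Review bot: the `*c == ':'` terminator added to the first check in the loop makes `only_spaces_and_dots` return true for input that contains more than spaces and dots, so the helper's name no longer matches its behaviour and nothing in the hunk says why ':' ends the scan. Add a comment at that line stating that ':' starts an NTFS Alternate Data Stream suffix and that everything after it is deliberately ignored, or rename the helper to reflect this. Because this is a shared inline helper, also confirm that every other caller wants a stream suffix treated as end-of-name.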
......
...@@ -116,4 +116,5 @@ void test_path_dotgit__dotgit_modules_symlink(void) ...@@ -116,4 +116,5 @@ void test_path_dotgit__dotgit_modules_symlink(void)
cl_assert_equal_b(true, git_path_isvalid(NULL, ".gitmodules", 0, GIT_PATH_REJECT_DOT_GIT_HFS|GIT_PATH_REJECT_DOT_GIT_NTFS)); cl_assert_equal_b(true, git_path_isvalid(NULL, ".gitmodules", 0, GIT_PATH_REJECT_DOT_GIT_HFS|GIT_PATH_REJECT_DOT_GIT_NTFS));
cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_HFS)); cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_HFS));
cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS)); cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules . .::$DATA", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
} }
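Review bot: the single added assertion uses `".gitmodules . .::$DATA"`, which exercises trailing spaces and dots and the stream suffix at the same time, and only with `S_IFLNK`, so the ':' handling is never tested on its own. Consider adding a second assertion for a name where ':' immediately follows `.gitmodules` with a named stream (for example `.gitmodules:foo`), so the test pins the new terminator directly instead of relying on the existing space/dot path. A short comment above the new line noting that one stream variant is considered sufficient, as the commit message explains, would also help future readers of the test.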