Files · c8ca3caef68f31d553c131b471223ff934bb3cff · lvzhengyang / git2

submodule: ignore path and url attributes if they look like options · c8ca3cae

These can be used to inject options in an implementation which performs a
recursive clone by executing an external command via crafted url and path
attributes such that it triggers a local executable to be run.

The library is not vulnerable as we do not rely on external executables but a
user of the library might be relying on that so we add this protection.

This matches this aspect of git's fix for CVE-2018-17456.

committed Oct 05, 2018

c8ca3cae

Name	Last commit	Last update
.github		Loading commit data...
ci		Loading commit data...
cmake/Modules		Loading commit data...
deps		Loading commit data...
docs		Loading commit data...
examples		Loading commit data...
fuzzers		Loading commit data...
include		Loading commit data...
script		Loading commit data...
src		Loading commit data...
tests		Loading commit data...
.HEADER		Loading commit data...
.editorconfig		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
AUTHORS		Loading commit data...
CMakeLists.txt		Loading commit data...
COPYING		Loading commit data...
README.md		Loading commit data...
api.docurium		Loading commit data...
azure-pipelines.yml		Loading commit data...
git.git-authors		Loading commit data...
libgit2.pc.in		Loading commit data...
libgit2_clar.supp		Loading commit data...
package.json		Loading commit data...

README.md