File CVE-2024-32020-3.patch of Package git

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2024-32020-3.patch of Package git

From 8c9c051bef3db0fe267f3fb6a1dab293c5f23b38 Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt <ps@pks.im>
Date: Mon, 15 Apr 2024 13:30:36 +0200
Subject: [PATCH 3/5] setup.c: introduce `die_upon_dubious_ownership()`

Introduce a new function `die_upon_dubious_ownership()` that uses
`ensure_valid_ownership()` to verify whether a repositroy is safe for
use, and causes Git to die in case it is not.

This function will be used in a subsequent commit.

Helped-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 cache.h | 12 ++++++++++++
 setup.c | 21 +++++++++++++++++++++
 2 files changed, 33 insertions(+)

Index: git-2.35.3/cache.h
===================================================================
--- git-2.35.3.orig/cache.h
+++ git-2.35.3/cache.h
@@ -627,6 +627,18 @@ void set_git_work_tree(const char *tree)
 void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
 				const char *gitdir);
 
+/*
+ * Check if a repository is safe and die if it is not, by verifying the
+ * ownership of the worktree (if any), the git directory, and the gitfile (if
+ * any).
+ *
+ * Exemptions for known-safe repositories can be added via `safe.directory`
+ * config settings; for non-bare repositories, their worktree needs to be
+ * added, for bare ones their git directory.
+ */
+void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+				const char *gitdir);
+
 void setup_work_tree(void);
 /*
  * Find the commondir and gitdir of the repository that contains the current
Index: git-2.35.3/setup.c
===================================================================
--- git-2.35.3.orig/setup.c
+++ git-2.35.3/setup.c
@@ -1156,6 +1156,27 @@ static int ensure_valid_ownership(const
 	return data.is_safe;
 }
 
+void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+				const char *gitdir)
+{
+	struct strbuf report = STRBUF_INIT, quoted = STRBUF_INIT;
+	const char *path;
+
+	if (ensure_valid_ownership(gitfile, worktree, gitdir))
+		return;
+
+	strbuf_complete(&report, '\n');
+	path = gitfile ? gitfile : gitdir;
+	sq_quote_buf_pretty(&quoted, path);
+
+	die(_("detected dubious ownership in repository at '%s'\n"
+	      "%s"
+	      "To add an exception for this directory, call:\n"
+	      "\n"
+	      "\tgit config --global --add safe.directory %s"),
+	    path, report.buf, quoted.buf);
+}
+
 enum discovery_result {
 	GIT_DIR_NONE = 0,
 	GIT_DIR_EXPLICIT,

Places

File CVE-2024-32020-3.patch of Package git

Places