Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
libgit2.25920
0002-repo-ensure-that-repo-dir-is-owned-by-curr...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0002-repo-ensure-that-repo-dir-is-owned-by-current-user.patch of Package libgit2.25920
From 62d492dee448d98ef61d33680bbd7de614ce8fd8 Mon Sep 17 00:00:00 2001 From: Edward Thomson <ethomson@edwardthomson.com> Date: Mon, 11 Apr 2022 09:56:26 -0400 Subject: [PATCH 02/20] repo: ensure that repo dir is owned by current user Ensure that the repository directory is owned by the current user; this prevents us from opening configuration files that may have been created by an attacker. --- include/git2/errors.h | 1 + src/repository.c | 31 ++++++++++++++++++++++++++++--- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/include/git2/errors.h b/include/git2/errors.h index de51582d5..16712f988 100644 --- a/include/git2/errors.h +++ b/include/git2/errors.h @@ -58,6 +58,9 @@ typedef enum { GIT_ITEROVER = -31, /**< Signals end of iteration with iterator */ GIT_RETRY = -32, /**< Internal only */ GIT_EMISMATCH = -33, /**< Hashsum mismatch in object */ + GIT_EINDEXDIRTY = -34, /**< Unsaved changes in the index would be overwritten */ + GIT_EAPPLYFAIL = -35, /**< Patch application failed */ + GIT_EOWNER = -36 /**< The object is not owned by the current user */ } git_error_code; /** diff --git a/src/repository.c b/src/repository.c index 9b3e9c9e3..4dace9da9 100644 --- a/src/repository.c +++ b/src/repository.c @@ -482,6 +482,23 @@ static int read_gitfile(git_buf *path_out, const char *file_path) return error; } +static int validate_ownership(const char *repo_path) +{ + bool is_safe; + int error; + + if ((error = git_path_owner_is_current_user(&is_safe, repo_path)) < 0) + return (error == GIT_ENOTFOUND) ? 0 : error; + + if (is_safe) + return 0; + #+ giterr_set(GIT_ERROR_CONFIG, + giterr_set(GITERR_CONFIG, + "repository path '%s' is not owned by current user", + repo_path); + return GIT_EOWNER; +} + static int find_repo( git_buf *gitdir_path, git_buf *workdir_path, @@ -855,8 +872,9 @@ int git_repository_open_ext( unsigned is_worktree; git_buf gitdir = GIT_BUF_INIT, workdir = GIT_BUF_INIT, gitlink = GIT_BUF_INIT, commondir = GIT_BUF_INIT; - git_repository *repo; + git_repository *repo = NULL; git_config *config = NULL; + const char *validation_path; # int version = 0; # # if (flags & GIT_REPOSITORY_OPEN_FROM_ENV) if (flags & GIT_REPOSITORY_OPEN_FROM_ENV) return _git_repository_open_ext_from_env(repo_ptr, start_path); @@ -903,16 +922,23 @@ int git_repository_open_ext( # if ((error = check_extensions(config, version)) < 0) # goto cleanup; # if (config && (error = check_repositoryformatversion(config)) < 0) goto cleanup; - if ((flags & GIT_REPOSITORY_OPEN_BARE) != 0) + if ((flags & GIT_REPOSITORY_OPEN_BARE) != 0) { repo->is_bare = 1; - else { - + } else { if (config && ((error = load_config_data(repo, config)) < 0 || (error = load_workdir(repo, config, &workdir)) < 0)) goto cleanup; } + /* + * Ensure that the git directory is owned by the current user. + */ + validation_path = repo->is_bare ? repo->gitdir : repo->workdir; + + if ((error = validate_ownership(validation_path)) < 0) + goto cleanup; + cleanup: # git_buf_dispose(&gitdir); # git_buf_dispose(&workdir); git_buf_free(&gitdir); git_buf_free(&workdir); -- 2.37.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor