File 0004-path-also-guard-gitmodules-against-NTFS-Al... of Package libgit2.34826

Overview Repositories Revisions Requests Users Attributes Meta

File 0004-path-also-guard-gitmodules-against-NTFS-Alternate-Data-Streams.patch of Package libgit2.34826

From 4bae85c5b9f2c761827b86d3c82385487d60febe Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Wed, 18 Sep 2019 16:33:18 +0200
Subject: [PATCH] path: also guard `.gitmodules` against NTFS Alternate Data
 Streams

We just safe-guarded `.git` against NTFS Alternate Data Stream-related
attack vectors, and now it is time to do the same for `.gitmodules`.

Note: In the added regression test, we refrain from verifying all kinds
of variations between short names and NTFS Alternate Data Streams: as
the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
is enough to test one in order to know that all of them are guarded
against.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 src/path.c          | 2 +-
 tests/path/dotgit.c | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/path.c b/src/path.c
index 6f22b08e9a8..50873653201 100644
--- a/src/path.c
+++ b/src/path.c
@@ -1631,7 +1631,7 @@ GIT_INLINE(bool) only_spaces_and_dots(const char *path)
 	const char *c = path;
 
 	for (;; c++) {
-		if (*c == '\0')
+		if (*c == '\0' || *c == ':')
 			return true;
 		if (*c != ' ' && *c != '.')
 			return false;
diff --git a/tests/path/dotgit.c b/tests/path/dotgit.c
index 20e585edb57..425392403a5 100644
--- a/tests/path/dotgit.c
+++ b/tests/path/dotgit.c
@@ -116,4 +116,5 @@ void test_path_dotgit__dotgit_modules_symlink(void)
 	cl_assert_equal_b(true, git_path_isvalid(NULL, ".gitmodules", 0, GIT_PATH_REJECT_DOT_GIT_HFS|GIT_PATH_REJECT_DOT_GIT_NTFS));
 	cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_HFS));
 	cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules . .::$DATA", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
 }

Places

File 0004-path-also-guard-gitmodules-against-NTFS-Alternate-Data-Streams.patch of Package libgit2.34826

Places