diff options
author | Junio C Hamano <gitster@pobox.com> | 2021-04-08 20:23:26 (GMT) |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2021-04-08 20:23:26 (GMT) |
commit | bde35a2a9334b27451d2cd7b175f9cafa7e68598 (patch) | |
tree | 4e202e0fbf0b247708024b7362227e30c131c683 | |
parent | 1b31224e59750f515f7ceb7adab2a7609371327d (diff) | |
parent | 9a7f1ce8b78dae09cf4510a98bd6b81d0d478772 (diff) | |
download | git-bde35a2a9334b27451d2cd7b175f9cafa7e68598.zip git-bde35a2a9334b27451d2cd7b175f9cafa7e68598.tar.gz git-bde35a2a9334b27451d2cd7b175f9cafa7e68598.tar.bz2 |
Merge branch 'rs/daemon-sanitize-dir-sep'
"git daemon" has been tightened against systems that take backslash
as directory separator.
* rs/daemon-sanitize-dir-sep:
daemon: sanitize all directory separators
-rw-r--r-- | daemon.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host, /* * Sanitize a string from the client so that it's OK to be inserted into a - * filesystem path. Specifically, we disallow slashes, runs of "..", and - * trailing and leading dots, which means that the client cannot escape - * our base path via ".." traversal. + * filesystem path. Specifically, we disallow directory separators, runs + * of "..", and trailing and leading dots, which means that the client + * cannot escape our base path via ".." traversal. */ static void sanitize_client(struct strbuf *out, const char *in) { for (; *in; in++) { - if (*in == '/') + if (is_dir_sep(*in)) continue; if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.')) continue; |