summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2021-04-08 20:23:26 (GMT)
committerJunio C Hamano <gitster@pobox.com>2021-04-08 20:23:26 (GMT)
commitbde35a2a9334b27451d2cd7b175f9cafa7e68598 (patch)
tree4e202e0fbf0b247708024b7362227e30c131c683
parent1b31224e59750f515f7ceb7adab2a7609371327d (diff)
parent9a7f1ce8b78dae09cf4510a98bd6b81d0d478772 (diff)
downloadgit-bde35a2a9334b27451d2cd7b175f9cafa7e68598.zip
git-bde35a2a9334b27451d2cd7b175f9cafa7e68598.tar.gz
git-bde35a2a9334b27451d2cd7b175f9cafa7e68598.tar.bz2
Merge branch 'rs/daemon-sanitize-dir-sep'
"git daemon" has been tightened against systems that take backslash as directory separator. * rs/daemon-sanitize-dir-sep: daemon: sanitize all directory separators
-rw-r--r--daemon.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/daemon.c b/daemon.c
index 3435319..5c4cbad 100644
--- a/daemon.c
+++ b/daemon.c
@@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host,
/*
* Sanitize a string from the client so that it's OK to be inserted into a
- * filesystem path. Specifically, we disallow slashes, runs of "..", and
- * trailing and leading dots, which means that the client cannot escape
- * our base path via ".." traversal.
+ * filesystem path. Specifically, we disallow directory separators, runs
+ * of "..", and trailing and leading dots, which means that the client
+ * cannot escape our base path via ".." traversal.
*/
static void sanitize_client(struct strbuf *out, const char *in)
{
for (; *in; in++) {
- if (*in == '/')
+ if (is_dir_sep(*in))
continue;
if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
continue;