summaryrefslogtreecommitdiff
path: root/compat
diff options
context:
space:
mode:
authorJohannes Schindelin <johannes.schindelin@gmx.de>2019-09-13 14:32:43 (GMT)
committerJohannes Schindelin <johannes.schindelin@gmx.de>2019-12-05 14:36:51 (GMT)
commit6d8684161ee9c03bed5cb69ae76dfdddb85a0003 (patch)
treedcf2b7748ebf88ec6cbcf8a9387d235d1415d44c /compat
parenta8dee3ca610f5a1d403634492136c887f83b59d2 (diff)
downloadgit-6d8684161ee9c03bed5cb69ae76dfdddb85a0003.zip
git-6d8684161ee9c03bed5cb69ae76dfdddb85a0003.tar.gz
git-6d8684161ee9c03bed5cb69ae76dfdddb85a0003.tar.bz2
mingw: fix quoting of arguments
We need to be careful to follow proper quoting rules. For example, if an argument contains spaces, we have to quote them. Double-quotes need to be escaped. Backslashes need to be escaped, but only if they are followed by a double-quote character. We need to be _extra_ careful to consider the case where an argument ends in a backslash _and_ needs to be quoted: in this case, we append a double-quote character, i.e. the backslash now has to be escaped! The current code, however, fails to recognize that, and therefore can turn an argument that ends in a single backslash into a quoted argument that now ends in an escaped double-quote character. This allows subsequent command-line parameters to be split and part of them being mistaken for command-line options, e.g. through a maliciously-crafted submodule URL during a recursive clone. Technically, we would not need to quote _all_ arguments which end in a backslash _unless_ the argument needs to be quoted anyway. For example, `test\` would not need to be quoted, while `test \` would need to be. To keep the code simple, however, and therefore easier to reason about and ensure its correctness, we now _always_ quote an argument that ends in a backslash. This addresses CVE-2019-1350. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'compat')
-rw-r--r--compat/mingw.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/compat/mingw.c b/compat/mingw.c
index 8b6fa0d..459ee20 100644
--- a/compat/mingw.c
+++ b/compat/mingw.c
@@ -872,7 +872,7 @@ static const char *quote_arg(const char *arg)
p++;
len++;
}
- if (*p == '"')
+ if (*p == '"' || !*p)
n += count*2 + 1;
continue;
}
@@ -894,16 +894,19 @@ static const char *quote_arg(const char *arg)
count++;
*d++ = *arg++;
}
- if (*arg == '"') {
+ if (*arg == '"' || !*arg) {
while (count-- > 0)
*d++ = '\\';
+ /* don't escape the surrounding end quote */
+ if (!*arg)
+ break;
*d++ = '\\';
}
}
*d++ = *arg++;
}
*d++ = '"';
- *d++ = 0;
+ *d++ = '\0';
return q;
}