summaryrefslogtreecommitdiff
path: root/fsck.c
diff options
context:
space:
mode:
authorJonathan Nieder <jrnieder@gmail.com>2019-12-05 09:30:43 (GMT)
committerJohannes Schindelin <johannes.schindelin@gmx.de>2019-12-06 15:27:38 (GMT)
commitbb92255ebe6bccd76227e023d6d0bc997e318ad0 (patch)
treed506e15c7903457a57677942a619c07e36e0509e /fsck.c
parentbdfef0492cada3fb36f454804796bf12c79a7136 (diff)
downloadgit-bb92255ebe6bccd76227e023d6d0bc997e318ad0.zip
git-bb92255ebe6bccd76227e023d6d0bc997e318ad0.tar.gz
git-bb92255ebe6bccd76227e023d6d0bc997e318ad0.tar.bz2
fsck: reject submodule.update = !command in .gitmodules
This allows hosting providers to detect whether they are being used to attack users using malicious 'update = !command' settings in .gitmodules. Since ac1fbbda2013 (submodule: do not copy unknown update mode from .gitmodules, 2013-12-02), in normal cases such settings have been treated as 'update = none', so forbidding them should not produce any collateral damage to legitimate uses. A quick search does not reveal any repositories making use of this construct, either. Reported-by: Joern Schneeweisz <jschneeweisz@gitlab.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'fsck.c')
-rw-r--r--fsck.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/fsck.c b/fsck.c
index 2fc6bbc..0741e62 100644
--- a/fsck.c
+++ b/fsck.c
@@ -66,6 +66,7 @@ static struct oidset gitmodules_done = OIDSET_INIT;
FUNC(GITMODULES_SYMLINK, ERROR) \
FUNC(GITMODULES_URL, ERROR) \
FUNC(GITMODULES_PATH, ERROR) \
+ FUNC(GITMODULES_UPDATE, ERROR) \
/* warnings */ \
FUNC(BAD_FILEMODE, WARN) \
FUNC(EMPTY_NAME, WARN) \
@@ -975,6 +976,12 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
FSCK_MSG_GITMODULES_PATH,
"disallowed submodule path: %s",
value);
+ if (!strcmp(key, "update") && value &&
+ parse_submodule_update_type(value) == SM_UPDATE_COMMAND)
+ data->ret |= report(data->options, data->obj,
+ FSCK_MSG_GITMODULES_UPDATE,
+ "disallowed submodule update setting: %s",
+ value);
free(name);
return 0;