diff options
| author | Christian Couder <christian.couder@gmail.com> | 2019-05-29 12:44:32 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2019-05-29 18:05:34 (GMT) |
| commit | e693237e2ba27b6129e8af7f6a794f5c2fbd26f3 (patch) | |
| tree | 2317223e6228a03a1b0b9fd4ecf5dc51a5eb5fbb /list-objects-filter.c | |
| parent | aa25c82427ae70aebf3b8f970f2afd54e9a2a8c6 (diff) | |
| download | git-e693237e2ba27b6129e8af7f6a794f5c2fbd26f3.zip git-e693237e2ba27b6129e8af7f6a794f5c2fbd26f3.tar.gz git-e693237e2ba27b6129e8af7f6a794f5c2fbd26f3.tar.bz2 | |
list-objects-filter: disable 'sparse:path' filters
If someone wants to use as a filter a sparse file that is in the
repository, something like "--filter=sparse:oid=<ref>:<path>"
already works.
So 'sparse:path' is only interesting if the sparse file is not in
the repository. In this case though the current implementation has
a big security issue, as it makes it possible to ask the server to
read any file, like for example /etc/password, and to explore the
filesystem, as well as individual lines of files.
If someone is interested in using a sparse file that is not in the
repository as a filter, then at the minimum a config option, such
as "uploadpack.sparsePathFilter", should be implemented first to
restrict the directory from which the files specified by
'sparse:path' can be read.
For now though, let's just disable 'sparse:path' filters.
Helped-by: Matthew DeVore <matvore@google.com>
Helped-by: Jeff Hostetler <git@jeffhostetler.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'list-objects-filter.c')
| -rw-r--r-- | list-objects-filter.c | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/list-objects-filter.c b/list-objects-filter.c index ee449de..53f9044 100644 --- a/list-objects-filter.c +++ b/list-objects-filter.c @@ -478,27 +478,6 @@ static void *filter_sparse_oid__init( return d; } -static void *filter_sparse_path__init( - struct oidset *omitted, - struct list_objects_filter_options *filter_options, - filter_object_fn *filter_fn, - filter_free_fn *filter_free_fn) -{ - struct filter_sparse_data *d = xcalloc(1, sizeof(*d)); - d->omits = omitted; - if (add_excludes_from_file_to_list(filter_options->sparse_path_value, - NULL, 0, &d->el, NULL) < 0) - die("could not load filter specification"); - - ALLOC_GROW(d->array_frame, d->nr + 1, d->alloc); - d->array_frame[d->nr].defval = 0; /* default to include */ - d->array_frame[d->nr].child_prov_omit = 0; - - *filter_fn = filter_sparse; - *filter_free_fn = filter_sparse_free; - return d; -} - typedef void *(*filter_init_fn)( struct oidset *omitted, struct list_objects_filter_options *filter_options, @@ -514,7 +493,6 @@ static filter_init_fn s_filters[] = { filter_blobs_limit__init, filter_trees_depth__init, filter_sparse_oid__init, - filter_sparse_path__init, }; void *list_objects_filter__init( |