diff options
author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-09-16 11:26:40 (GMT) |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-12-05 14:37:09 (GMT) |
commit | 65d30a19de282d781c59bb7f807459cb5b29de1e (patch) | |
tree | ce238c2e1919a98b6079d1d81c69d3e464d754c9 /read-cache.c | |
parent | 5532ebdeb7ac56d952addb94ea9741d3c8f5b6f6 (diff) | |
parent | d2c84dad1c88f40906799bc879f70b965efd8ba6 (diff) | |
download | git-65d30a19de282d781c59bb7f807459cb5b29de1e.zip git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.gz git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.bz2 |
Merge branch 'win32-filenames-cannot-have-trailing-spaces-or-periods'
On Windows, filenames cannot have trailing spaces or periods, when
opening such paths, they are stripped automatically. Read: you can open
the file `README` via the file name `README . . .`. This ambiguity can
be used in combination with other security bugs to cause e.g. remote
code execution during recursive clones. This patch series fixes that.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'read-cache.c')
-rw-r--r-- | read-cache.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/read-cache.c b/read-cache.c index bde1e70..771171c 100644 --- a/read-cache.c +++ b/read-cache.c @@ -847,6 +847,9 @@ int verify_path(const char *path, unsigned mode) if (has_dos_drive_prefix(path)) return 0; + if (!is_valid_path(path)) + return 0; + goto inside; for (;;) { if (!c) |