Merge branch 'win32-filenames-cannot-have-trailing-spaces-or-periods'

On Windows, filenames cannot have trailing spaces or periods, when opening such paths, they are stripped automatically. Read: you can open the file `README` via the file name `README . . .`. This ambiguity can be used in combination with other security bugs to cause e.g. remote code execution during recursive clones. This patch series fixes that. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
author: Johannes Schindelin <johannes.schindelin@gmx.de> 2019-09-16 11:26:40 (GMT)
committer: Johannes Schindelin <johannes.schindelin@gmx.de> 2019-12-05 14:37:09 (GMT)
commit: 65d30a19de282d781c59bb7f807459cb5b29de1e (patch)
tree: ce238c2e1919a98b6079d1d81c69d3e464d754c9 /read-cache.c
parent: 5532ebdeb7ac56d952addb94ea9741d3c8f5b6f6 (diff)
parent: d2c84dad1c88f40906799bc879f70b965efd8ba6 (diff)
download: git-65d30a19de282d781c59bb7f807459cb5b29de1e.zip
git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.gz
git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/read-cache.c b/read-cache.c
index bde1e70..771171c 100644
--- a/read-cache.c
+++ b/read-cache.c
@@ -847,6 +847,9 @@ int verify_path(const char *path, unsigned mode)
 	if (has_dos_drive_prefix(path))
 		return 0;
 
+	if (!is_valid_path(path))
+		return 0;
+
 	goto inside;
 	for (;;) {
 		if (!c)
author	Johannes Schindelin <johannes.schindelin@gmx.de>	2019-09-16 11:26:40 (GMT)
committer	Johannes Schindelin <johannes.schindelin@gmx.de>	2019-12-05 14:37:09 (GMT)
commit	65d30a19de282d781c59bb7f807459cb5b29de1e (patch)
tree	ce238c2e1919a98b6079d1d81c69d3e464d754c9 /read-cache.c
parent	5532ebdeb7ac56d952addb94ea9741d3c8f5b6f6 (diff)
parent	d2c84dad1c88f40906799bc879f70b965efd8ba6 (diff)
download	git-65d30a19de282d781c59bb7f807459cb5b29de1e.zip git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.gz git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.bz2