Merge branch 'win32-accommodate-funny-drive-names'

While the only permitted drive letters for physical drives on Windows
are letters of the US-English alphabet, this restriction does not apply
to virtual drives assigned via `subst <letter>: <path>`.

To prevent targeted attacks against systems where "funny" drive letters
such as `1` or `!` are assigned, let's handle them as regular drive
letters on Windows.

This fixes CVE-2019-1351.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

1 files changed, 12 insertions, 1 deletions

diff --git a/t/t0060-path-utils.sh b/t/t0060-path-utils.sh
index 1171e0b..40db3e1 100755
--- a/t/t0060-path-utils.sh
+++ b/t/t0060-path-utils.sh
@@ -165,6 +165,15 @@ test_expect_success 'absolute path rejects the empty string' '
 	test_must_fail test-path-utils absolute_path ""
 '
 
+test_expect_success MINGW '<drive-letter>:\\abc is an absolute path' '
+	for letter in : \" C Z 1 ä
+	do
+		path=$letter:\\abc &&
+		absolute="$(test-path-utils absolute_path "$path")" &&
+		test "$path" = "$absolute" || return 1
+	done
+'
+
 test_expect_success 'real path rejects the empty string' '
 	test_must_fail test-path-utils real_path ""
 '
@@ -445,13 +454,15 @@ test_expect_success MINGW 'is_valid_path() on Windows' '
 		win32 \
 		"win32 x" \
 		../hello.txt \
+		C:\\git \
 		\
 		--not \
 		"win32 "  \
 		"win32 /x "  \
 		"win32."  \
 		"win32 . ." \
-		.../hello.txt
+		.../hello.txt \
+		colon:test
 '
 
 test_done