verify_path: consider dos drive prefix

If someone manage to create a repo with a 'C:' entry in the root-tree, files can be written outside of the working-dir. This opens up a can-of-worms of exploits. Fix it by explicitly checking for a dos drive prefix when verifying a paht. While we're at it, make sure that paths beginning with '\' is considered absolute as well. Noticed-by: Theo Niessink <theo@taletn.com> Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Erik Faye-Lund <kusmabite@gmail.com> 2011-05-27 18:00:40 +0200
committer: Junio C Hamano <gitster@pobox.com> 2011-05-27 10:59:18 -0700
commit: 56948cb6aa8189e3b77c700119d179172e0f8c4a (patch)
tree: 72aedbd05bfbe0621077b69aa846b4c95ba23170
parent: real_path: do not assume '/' is the path seperator (diff)
download: tgif-56948cb6aa8189e3b77c700119d179172e0f8c4a.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/read-cache.c b/read-cache.c
index 0480d9455c..31cf0b503a 100644
--- a/read-cache.c
+++ b/read-cache.c
@@ -774,11 +774,14 @@ int verify_path(const char *path)
 {
 	char c;
 
+	if (has_dos_drive_prefix(path))
+		return 0;
+
 	goto inside;
 	for (;;) {
 		if (!c)
 			return 1;
-		if (c == '/') {
+		if (is_dir_sep(c)) {
 inside:
 			c = *path++;
 			switch (c) {
author	Erik Faye-Lund <kusmabite@gmail.com>	2011-05-27 18:00:40 +0200
committer	Junio C Hamano <gitster@pobox.com>	2011-05-27 10:59:18 -0700
commit	56948cb6aa8189e3b77c700119d179172e0f8c4a (patch)
tree	72aedbd05bfbe0621077b69aa846b4c95ba23170
parent	real_path: do not assume '/' is the path seperator (diff)
download	tgif-56948cb6aa8189e3b77c700119d179172e0f8c4a.tar.xz