author | Junio C Hamano <gitster@pobox.com> | 2015-01-30 15:34:13 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-02-10 13:41:39 -0800 |
commit | fdc2c3a926c21e24986677abd02c8bc568a5de32 (patch) | |
tree | 1ee77daa3090efe28fa2fc2659863fba6e2793d3 /builtin | |
parent | apply: do not read from the filesystem under --index (diff) | |
apply: do not read from beyond a symbolic link
We should reject a patch, whether it renames/copies dir/file to
elsewhere with or without modification, or updates dir/file in
place, if "dir/" part is actually a symbolic link to elsewhere,
by making sure that the code to read the preimage does not read
from a path that is beyond a symbolic link.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin')
-rw-r--r-- | builtin/apply.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/builtin/apply.c b/builtin/apply.c index 21e45a0f10..422e4ce7aa 100644 --- a/builtin/apply.c +++ b/builtin/apply.c @@ -3145,6 +3145,8 @@ static int load_patch_target(struct strbuf *buf, return read_file_or_gitlink(ce, buf); else return SUBMODULE_PATCH_WITHOUT_INDEX; + } else if (has_symlink_leading_path(name, strlen(name))) { + return error(_("reading from '%s' beyond a symbolic link"), name); } else { if (read_old_data(st, name, buf)) return error(_("read of %s failed"), name); |
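Review bot: The new `else if (has_symlink_leading_path(name, strlen(name)))` arm carries no comment saying what it guards, so a reader of load_patch_target() has to go back to the commit message to learn that it keeps the preimage read in the following `read_old_data(st, name, buf)` from going through a symlinked leading directory. A one-line comment above the check would help, ideally noting that it applies only on this non-index path, since the arm above that returns `read_file_or_gitlink(ce, buf)` does not pass through it. Minor style point: the new message quotes the path ('%s') while the adjacent "read of %s failed" does not; it would be worth making the two consistent.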