credential-cache--daemon: disallow relative socket path

Relative socket paths are dangerous since the user cannot generally control when the daemon starts (initially, after a timeout, kill or crash). Since the daemon creates but does not delete the socket directory, this could lead to spurious directory creation relative to the users cwd. Suggested-by: Jeff King <peff@peff.net> Signed-off-by: Jon Griffiths <jon_p_griffiths@yahoo.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Jon Griffiths <jon_p_griffiths@yahoo.com> 2016-02-23 02:15:41 -0500
committer: Junio C Hamano <gitster@pobox.com> 2016-02-23 12:56:27 -0800
commit: bd93b8d9becb01d21871b63e34c2e824c60b1e8c (patch)
tree: c4cd9322a3d3a18f0a1ebf1480870d667521e942 /credential-cache--daemon.c
parent: credential-cache--daemon: refactor check_socket_directory (diff)
download: tgif-bd93b8d9becb01d21871b63e34c2e824c60b1e8c.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/credential-cache--daemon.c b/credential-cache--daemon.c
index 118d04f137..fe3779472c 100644
--- a/credential-cache--daemon.c
+++ b/credential-cache--daemon.c
@@ -262,6 +262,9 @@ int main(int argc, const char **argv)
 	if (!socket_path)
 		usage_with_options(usage, options);
 
+	if (!is_absolute_path(socket_path))
+		die("socket directory must be an absolute path");
+
 	init_socket_directory(socket_path);
 	register_tempfile(&socket_file, socket_path);
author	Jon Griffiths <jon_p_griffiths@yahoo.com>	2016-02-23 02:15:41 -0500
committer	Junio C Hamano <gitster@pobox.com>	2016-02-23 12:56:27 -0800
commit	bd93b8d9becb01d21871b63e34c2e824c60b1e8c (patch)
tree	c4cd9322a3d3a18f0a1ebf1480870d667521e942 /credential-cache--daemon.c
parent	credential-cache--daemon: refactor check_socket_directory (diff)
download	tgif-bd93b8d9becb01d21871b63e34c2e824c60b1e8c.tar.xz