diff options
| author |  Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-09-13 16:32:43 +0200 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-12-05 15:36:51 +0100 |
| commit | 6d8684161ee9c03bed5cb69ae76dfdddb85a0003 (patch) | |
| tree | dcf2b7748ebf88ec6cbcf8a9387d235d1415d44c /credential-store.c | |
| parent | Disallow dubiously-nested submodule git directories (diff) | |
| download | tgif-6d8684161ee9c03bed5cb69ae76dfdddb85a0003.tar.xz | |
mingw: fix quoting of arguments
We need to be careful to follow proper quoting rules. For example, if an
argument contains spaces, we have to quote them. Double-quotes need to
be escaped. Backslashes need to be escaped, but only if they are
followed by a double-quote character.
We need to be _extra_ careful to consider the case where an argument
ends in a backslash _and_ needs to be quoted: in this case, we append a
double-quote character, i.e. the backslash now has to be escaped!
The current code, however, fails to recognize that, and therefore can
turn an argument that ends in a single backslash into a quoted argument
that now ends in an escaped double-quote character. This allows
subsequent command-line parameters to be split and part of them being
mistaken for command-line options, e.g. through a maliciously-crafted
submodule URL during a recursive clone.
Technically, we would not need to quote _all_ arguments which end in a
backslash _unless_ the argument needs to be quoted anyway. For example,
`test\` would not need to be quoted, while `test \` would need to be.
To keep the code simple, however, and therefore easier to reason about
and ensure its correctness, we now _always_ quote an argument that ends
in a backslash.
This addresses CVE-2019-1350.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'credential-store.c')
0 files changed, 0 insertions, 0 deletions