summaryrefslogtreecommitdiff
path: root/dir-iterator.c
diff options
context:
space:
mode:
authorLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-09-12 14:54:05 +0200
committerLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-12-04 13:20:05 +0100
commite1d911dd4c7b76a5a8cec0f5c8de15981e34da83 (patch)
treec3e36cceeadde0713a1f154b075ca1176f1b4a8b /dir-iterator.c
parentclone --recurse-submodules: prevent name squatting on Windows (diff)
downloadtgif-e1d911dd4c7b76a5a8cec0f5c8de15981e34da83.tar.xz
mingw: disallow backslash characters in tree objects' file names
The backslash character is not a valid part of a file name on Windows. Hence it is dangerous to allow writing files that were unpacked from tree objects, when the stored file name contains a backslash character: it will be misinterpreted as directory separator. This not only causes ambiguity when a tree contains a blob `a\b` and a tree `a` that contains a blob `b`, but it also can be used as part of an attack vector to side-step the careful protections against writing into the `.git/` directory during a clone of a maliciously-crafted repository. Let's prevent that, addressing CVE-2019-1354. Note: we guard against backslash characters in tree objects' file names _only_ on Windows (because on other platforms, even on those where NTFS volumes can be mounted, the backslash character is _not_ a directory separator), and _only_ when `core.protectNTFS = true` (because users might need to generate tree objects for other platforms, of course without touching the worktree, e.g. using `git update-index --cacheinfo`). Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'dir-iterator.c')
0 files changed, 0 insertions, 0 deletions