diff options
author | Jeff King <peff@peff.net> | 2021-02-16 09:44:34 -0500 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2021-02-16 09:41:33 -0800 |
commit | feb9b7792f0963a818f825bd99be4cda4e8226a5 (patch) | |
tree | 0b45c0fa0ffb8ce857be60bdd4babb2d3a50ce27 /dir.c | |
parent | attr: do not respect symlinks for in-tree .gitattributes (diff) | |
download | tgif-feb9b7792f0963a818f825bd99be4cda4e8226a5.tar.xz |
exclude: do not respect symlinks for in-tree .gitignore
As with .gitattributes, we would like to make sure that .gitignore files
are handled consistently whether read from the index or from the
filesystem. Likewise, we would like to avoid reading out-of-tree files
pointed to by the symlinks, which could have security implications in
certain setups.
We can cover both by using open_nofollow() when opening the in-tree
files. We'll continue to follow links for core.excludesFile, as well as
$GIT_DIR/info/exclude.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'dir.c')
-rw-r--r-- | dir.c | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -1035,6 +1035,9 @@ static int add_patterns_from_buffer(char *buf, size_t size, const char *base, int baselen, struct pattern_list *pl); +/* Flags for add_patterns() */ +#define PATTERN_NOFOLLOW (1<<0) + /* * Given a file with name "fname", read it (either from disk, or from * an index if 'istate' is non-null), parse it and store the @@ -1054,7 +1057,11 @@ static int add_patterns(const char *fname, const char *base, int baselen, size_t size = 0; char *buf; - fd = open(fname, O_RDONLY); + if (flags & PATTERN_NOFOLLOW) + fd = open_nofollow(fname, O_RDONLY); + else + fd = open(fname, O_RDONLY); + if (fd < 0 || fstat(fd, &st) < 0) { if (fd < 0) warn_on_fopen_errors(fname); @@ -1558,7 +1565,8 @@ static void prep_exclude(struct dir_struct *dir, strbuf_addbuf(&sb, &dir->basebuf); strbuf_addstr(&sb, dir->exclude_per_dir); pl->src = strbuf_detach(&sb, NULL); - add_patterns(pl->src, pl->src, stk->baselen, pl, istate, 0, + add_patterns(pl->src, pl->src, stk->baselen, pl, istate, + PATTERN_NOFOLLOW, untracked ? &oid_stat : NULL); } /* |