summaryrefslogtreecommitdiff
path: root/t/t6020-merge-df.sh
diff options
context:
space:
mode:
authorLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-09-16 13:26:40 +0200
committerLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-12-05 15:37:08 +0100
commit5532ebdeb7ac56d952addb94ea9741d3c8f5b6f6 (patch)
treeecabfba07ded9ef567af1545e686b71f30cfbee0 /t/t6020-merge-df.sh
parentMerge branch 'dubiously-nested-submodules' (diff)
parentquote-stress-test: offer to test quoting arguments for MSYS2 sh (diff)
downloadtgif-5532ebdeb7ac56d952addb94ea9741d3c8f5b6f6.tar.xz
Merge branch 'fix-mingw-quoting-bug'
This patch fixes a vulnerability in the Windows-specific code where a submodule names ending in a backslash were quoted incorrectly, and that bug could be abused to insert command-line parameters e.g. to `ssh` in a recursive clone. Note: this bug is Windows-only, as we have to construct a command line for the process-to-spawn, unlike Linux/macOS, where `execv()` accepts an already-split command line. While at it, other quoting issues are fixed as well. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 't/t6020-merge-df.sh')
0 files changed, 0 insertions, 0 deletions