diff options
| author |  Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-09-16 13:26:40 +0200 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2019-12-05 15:37:09 +0100 |
| commit | 2ddcccf97a717f9df17a4843c39e3c4f1df49fec (patch) | |
| tree | 6d63983b124cf3793eee811811281ca131cebbb7 /t | |
| parent | Merge branch 'win32-filenames-cannot-have-trailing-spaces-or-periods' (diff) | |
| parent | mingw: handle `subst`-ed "DOS drives" (diff) | |
| download | tgif-2ddcccf97a717f9df17a4843c39e3c4f1df49fec.tar.xz | |
Merge branch 'win32-accommodate-funny-drive-names'
While the only permitted drive letters for physical drives on Windows
are letters of the US-English alphabet, this restriction does not apply
to virtual drives assigned via `subst <letter>: <path>`.
To prevent targeted attacks against systems where "funny" drive letters
such as `1` or `!` are assigned, let's handle them as regular drive
letters on Windows.
This fixes CVE-2019-1351.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 't')
| -rwxr-xr-x | t/t0060-path-utils.sh | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/t/t0060-path-utils.sh b/t/t0060-path-utils.sh index 1171e0bb88..40db3e1e1a 100755 --- a/t/t0060-path-utils.sh +++ b/t/t0060-path-utils.sh @@ -165,6 +165,15 @@ test_expect_success 'absolute path rejects the empty string' ' test_must_fail test-path-utils absolute_path "" ' +test_expect_success MINGW '<drive-letter>:\\abc is an absolute path' ' + for letter in : \" C Z 1 รค + do + path=$letter:\\abc && + absolute="$(test-path-utils absolute_path "$path")" && + test "$path" = "$absolute" || return 1 + done +' + test_expect_success 'real path rejects the empty string' ' test_must_fail test-path-utils real_path "" ' @@ -445,13 +454,15 @@ test_expect_success MINGW 'is_valid_path() on Windows' ' win32 \ "win32 x" \ ../hello.txt \ + C:\\git \ \ --not \ "win32 " \ "win32 /x " \ "win32." \ "win32 . ." \ - .../hello.txt + .../hello.txt \ + colon:test ' test_done |