summaryrefslogtreecommitdiff
path: root/t
diff options
context:
space:
mode:
authorLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-09-16 13:26:40 +0200
committerLibravatar Johannes Schindelin <johannes.schindelin@gmx.de>2019-12-05 15:37:09 +0100
commit2ddcccf97a717f9df17a4843c39e3c4f1df49fec (patch)
tree6d63983b124cf3793eee811811281ca131cebbb7 /t
parentMerge branch 'win32-filenames-cannot-have-trailing-spaces-or-periods' (diff)
parentmingw: handle `subst`-ed "DOS drives" (diff)
downloadtgif-2ddcccf97a717f9df17a4843c39e3c4f1df49fec.tar.xz
Merge branch 'win32-accommodate-funny-drive-names'
While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual drives assigned via `subst <letter>: <path>`. To prevent targeted attacks against systems where "funny" drive letters such as `1` or `!` are assigned, let's handle them as regular drive letters on Windows. This fixes CVE-2019-1351. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 't')
-rwxr-xr-xt/t0060-path-utils.sh13
1 files changed, 12 insertions, 1 deletions
diff --git a/t/t0060-path-utils.sh b/t/t0060-path-utils.sh
index 1171e0bb88..40db3e1e1a 100755
--- a/t/t0060-path-utils.sh
+++ b/t/t0060-path-utils.sh
@@ -165,6 +165,15 @@ test_expect_success 'absolute path rejects the empty string' '
test_must_fail test-path-utils absolute_path ""
'
+test_expect_success MINGW '<drive-letter>:\\abc is an absolute path' '
+ for letter in : \" C Z 1 รค
+ do
+ path=$letter:\\abc &&
+ absolute="$(test-path-utils absolute_path "$path")" &&
+ test "$path" = "$absolute" || return 1
+ done
+'
+
test_expect_success 'real path rejects the empty string' '
test_must_fail test-path-utils real_path ""
'
@@ -445,13 +454,15 @@ test_expect_success MINGW 'is_valid_path() on Windows' '
win32 \
"win32 x" \
../hello.txt \
+ C:\\git \
\
--not \
"win32 " \
"win32 /x " \
"win32." \
"win32 . ." \
- .../hello.txt
+ .../hello.txt \
+ colon:test
'
test_done