diff options
-rw-r--r-- | builtin/apply.c | 2 | ||||
-rwxr-xr-x | t/t4122-apply-symlink-inside.sh | 19 |
2 files changed, 21 insertions, 0 deletions
diff --git a/builtin/apply.c b/builtin/apply.c index 21e45a0f10..422e4ce7aa 100644 --- a/builtin/apply.c +++ b/builtin/apply.c @@ -3145,6 +3145,8 @@ static int load_patch_target(struct strbuf *buf, return read_file_or_gitlink(ce, buf); else return SUBMODULE_PATCH_WITHOUT_INDEX; + } else if (has_symlink_leading_path(name, strlen(name))) { + return error(_("reading from '%s' beyond a symbolic link"), name); } else { if (read_old_data(st, name, buf)) return error(_("read of %s failed"), name); diff --git a/t/t4122-apply-symlink-inside.sh b/t/t4122-apply-symlink-inside.sh index 70b3a06e1d..035c080581 100755 --- a/t/t4122-apply-symlink-inside.sh +++ b/t/t4122-apply-symlink-inside.sh @@ -52,4 +52,23 @@ test_expect_success 'check result' ' ' +test_expect_success SYMLINKS 'do not read from beyond symbolic link' ' + git reset --hard && + mkdir -p arch/x86_64/dir && + >arch/x86_64/dir/file && + git add arch/x86_64/dir/file && + echo line >arch/x86_64/dir/file && + git diff >patch && + git reset --hard && + + mkdir arch/i386/dir && + >arch/i386/dir/file && + ln -s ../i386/dir arch/x86_64/dir && + + test_must_fail git apply patch && + test_must_fail git apply --cached patch && + test_must_fail git apply --index patch + +' + test_done |