summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--builtin/apply.c2
-rwxr-xr-xt/t4122-apply-symlink-inside.sh19
2 files changed, 21 insertions, 0 deletions
diff --git a/builtin/apply.c b/builtin/apply.c
index 21e45a0f10..422e4ce7aa 100644
--- a/builtin/apply.c
+++ b/builtin/apply.c
@@ -3145,6 +3145,8 @@ static int load_patch_target(struct strbuf *buf,
return read_file_or_gitlink(ce, buf);
else
return SUBMODULE_PATCH_WITHOUT_INDEX;
+ } else if (has_symlink_leading_path(name, strlen(name))) {
+ return error(_("reading from '%s' beyond a symbolic link"), name);
} else {
if (read_old_data(st, name, buf))
return error(_("read of %s failed"), name);
diff --git a/t/t4122-apply-symlink-inside.sh b/t/t4122-apply-symlink-inside.sh
index 70b3a06e1d..035c080581 100755
--- a/t/t4122-apply-symlink-inside.sh
+++ b/t/t4122-apply-symlink-inside.sh
@@ -52,4 +52,23 @@ test_expect_success 'check result' '
'
+test_expect_success SYMLINKS 'do not read from beyond symbolic link' '
+ git reset --hard &&
+ mkdir -p arch/x86_64/dir &&
+ >arch/x86_64/dir/file &&
+ git add arch/x86_64/dir/file &&
+ echo line >arch/x86_64/dir/file &&
+ git diff >patch &&
+ git reset --hard &&
+
+ mkdir arch/i386/dir &&
+ >arch/i386/dir/file &&
+ ln -s ../i386/dir arch/x86_64/dir &&
+
+ test_must_fail git apply patch &&
+ test_must_fail git apply --cached patch &&
+ test_must_fail git apply --index patch
+
+'
+
test_done