From fdc2c3a926c21e24986677abd02c8bc568a5de32 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 30 Jan 2015 15:34:13 -0800 Subject: apply: do not read from beyond a symbolic link We should reject a patch, whether it renames/copies dir/file to elsewhere with or without modificiation, or updates dir/file in place, if "dir/" part is actually a symbolic link to elsewhere, by making sure that the code to read the preimage does not read from a path that is beyond a symbolic link. Signed-off-by: Junio C Hamano --- builtin/apply.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'builtin') diff --git a/builtin/apply.c b/builtin/apply.c index 21e45a0f10..422e4ce7aa 100644 --- a/builtin/apply.c +++ b/builtin/apply.c @@ -3145,6 +3145,8 @@ static int load_patch_target(struct strbuf *buf, return read_file_or_gitlink(ce, buf); else return SUBMODULE_PATCH_WITHOUT_INDEX; + } else if (has_symlink_leading_path(name, strlen(name))) { + return error(_("reading from '%s' beyond a symbolic link"), name); } else { if (read_old_data(st, name, buf)) return error(_("read of %s failed"), name); -- cgit v1.2.3