From 1679d60bfc4c5c38f30fc938cf006b1e8608f733 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 16 Feb 2021 09:44:28 -0500 Subject: exclude: add flags parameter to add_patterns() There are a number of callers of add_patterns() and its sibling functions. Let's give them a "flags" parameter for adding new options without having to touch each caller. We'll use this in a future patch to add O_NOFOLLOW support. But for now each caller just passes 0. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- dir.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'dir.c') diff --git a/dir.c b/dir.c index d153a63bbd..f7fb1db718 100644 --- a/dir.c +++ b/dir.c @@ -1046,7 +1046,7 @@ static int add_patterns_from_buffer(char *buf, size_t size, */ static int add_patterns(const char *fname, const char *base, int baselen, struct pattern_list *pl, struct index_state *istate, - struct oid_stat *oid_stat) + unsigned flags, struct oid_stat *oid_stat) { struct stat st; int r; @@ -1143,9 +1143,10 @@ static int add_patterns_from_buffer(char *buf, size_t size, int add_patterns_from_file_to_list(const char *fname, const char *base, int baselen, struct pattern_list *pl, - struct index_state *istate) + struct index_state *istate, + unsigned flags) { - return add_patterns(fname, base, baselen, pl, istate, NULL); + return add_patterns(fname, base, baselen, pl, istate, flags, NULL); } int add_patterns_from_blob_to_list( @@ -1194,7 +1195,7 @@ static void add_patterns_from_file_1(struct dir_struct *dir, const char *fname, if (!dir->untracked) dir->unmanaged_exclude_files++; pl = add_pattern_list(dir, EXC_FILE, fname); - if (add_patterns(fname, "", 0, pl, NULL, oid_stat) < 0) + if (add_patterns(fname, "", 0, pl, NULL, 0, oid_stat) < 0) die(_("cannot use %s as an exclude file"), fname); } 
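Review bot: The new `unsigned flags` parameter of `add_patterns()` is undocumented in the @@ -1046 hunk. The block comment above the function (it starts outside the hunk) explains `fname` and `istate` but says nothing about which bits are valid. I would add a line to that comment such as `* "flags" is a bitmask of options controlling how the file is opened; 0 selects the default behaviour.` The same gap applies to `add_patterns_from_file_to_list()` in the @@ -1143 hunk, which forwards `flags` to `add_patterns()` unchanged. The body of `add_patterns()` continues past the end of the hunk.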
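Review bot: The bare `0` passed to `add_patterns()` in `add_patterns_from_file_1()` (@@ -1194 hunk) does not show whether default behaviour is a deliberate choice or a placeholder. The commit message says the parameter will later carry O_NOFOLLOW support, so a comment at this call would record the intent, e.g. `/* flags = 0: this exclude file is named by the user, not taken from the tree */`. That this function handles only user-configured exclude files is inferred from the `die()` message and should be confirmed. The function starts outside the hunk.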
@@ -1557,7 +1558,7 @@ static void prep_exclude(struct dir_struct *dir, strbuf_addbuf(&sb, &dir->basebuf); strbuf_addstr(&sb, dir->exclude_per_dir); pl->src = strbuf_detach(&sb, NULL); - add_patterns(pl->src, pl->src, stk->baselen, pl, istate, + add_patterns(pl->src, pl->src, stk->baselen, pl, istate, 0, untracked ? &oid_stat : NULL); } /* @@ -3009,7 +3010,7 @@ int get_sparse_checkout_patterns(struct pattern_list *pl) char *sparse_filename = get_sparse_checkout_filename(); pl->use_cone_patterns = core_sparse_checkout_cone; - res = add_patterns_from_file_to_list(sparse_filename, "", 0, pl, NULL); + res = add_patterns_from_file_to_list(sparse_filename, "", 0, pl, NULL, 0); free(sparse_filename); return res; -- cgit v1.2.3 From feb9b7792f0963a818f825bd99be4cda4e8226a5 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 16 Feb 2021 09:44:34 -0500 Subject: exclude: do not respect symlinks for in-tree .gitignore As with .gitattributes, we would like to make sure that .gitignore files are handled consistently whether read from the index or from the filesystem. Likewise, we would like to avoid reading out-of-tree files pointed to by the symlinks, which could have security implications in certain setups. We can cover both by using open_nofollow() when opening the in-tree files. We'll continue to follow links for core.excludesFile, as well as $GIT_DIR/info/exclude. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- dir.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'dir.c') diff --git a/dir.c b/dir.c index f7fb1db718..3692a28186 100644 --- a/dir.c +++ b/dir.c @@ -1035,6 +1035,9 @@ static int add_patterns_from_buffer(char *buf, size_t size, const char *base, int baselen, struct pattern_list *pl); +/* Flags for add_patterns() */ +#define PATTERN_NOFOLLOW (1<<0) + /* * Given a file with name "fname", read it (either from disk, or from * an index if 'istate' is non-null), parse it and store the 
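Review bot: `PATTERN_NOFOLLOW` is defined inside dir.c (@@ -1035 hunk of the second commit), yet `add_patterns_from_file_to_list()`, which is not `static`, takes a `flags` argument, so callers in other files could pass only 0 or a bare number. If the flag is meant to stay internal, the comment should say so; otherwise the definition belongs next to that function's declaration. The comment should also state what the bit does, e.g. `/* PATTERN_NOFOLLOW: refuse to open "fname" if it is a symbolic link */`. Writing the value as `(1u << 0)` would match the `unsigned` parameter type.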
@@ -1054,7 +1057,11 @@ static int add_patterns(const char *fname, const char *base, int baselen, size_t size = 0; char *buf; - fd = open(fname, O_RDONLY); + if (flags & PATTERN_NOFOLLOW) + fd = open_nofollow(fname, O_RDONLY); + else + fd = open(fname, O_RDONLY); + if (fd < 0 || fstat(fd, &st) < 0) { if (fd < 0) warn_on_fopen_errors(fname); @@ -1558,7 +1565,8 @@ static void prep_exclude(struct dir_struct *dir, strbuf_addbuf(&sb, &dir->basebuf); strbuf_addstr(&sb, dir->exclude_per_dir); pl->src = strbuf_detach(&sb, NULL); - add_patterns(pl->src, pl->src, stk->baselen, pl, istate, 0, + add_patterns(pl->src, pl->src, stk->baselen, pl, istate, + PATTERN_NOFOLLOW, untracked ? &oid_stat : NULL); } /* -- cgit v1.2.3
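Review bot: The `PATTERN_NOFOLLOW` branch in `add_patterns()` (@@ -1054 hunk) has no comment saying how far the protection reaches. If `open_nofollow()` has O_NOFOLLOW semantics (its definition is not on this page), only a symlink in the last path component is refused and symlinked parent directories are still traversed. A comment such as `/* refuses a symlink at the final component of fname only */` would make that limit explicit. A refused open shares the `fd < 0` branch with every other failure and is reported through `warn_on_fopen_errors()`. The rest of that branch lies outside the hunk, so what happens next when `istate` is non-null should be checked against the full function.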
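Review bot: The return value of `add_patterns()` is discarded at this call in `prep_exclude()` (@@ -1558 hunk). With `PATTERN_NOFOLLOW`, a per-directory ignore file that is a symlink is therefore skipped, and the only trace is whatever warning the open path emits. The commit message describes that as the intended outcome, but it deserves a comment at the call, e.g. `/* in-tree ignore file: a symlink here is skipped, not followed */`. A test asserting that a symlinked in-tree ignore file does not apply its target's patterns would pin the behaviour. `prep_exclude()` begins and ends outside the hunk.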