Revision 6d8684161ee9c03bed5cb69ae76dfdddb85a0003 authored by Johannes Schindelin on 13 September 2019, 14:32:43 UTC, committed by Johannes Schindelin on 05 December 2019, 14:36:51 UTC
We need to be careful to follow proper quoting rules. For example, if an argument contains spaces, we have to quote them. Double-quotes need to be escaped. Backslashes need to be escaped, but only if they are followed by a double-quote character. We need to be _extra_ careful to consider the case where an argument ends in a backslash _and_ needs to be quoted: in this case, we append a double-quote character, i.e. the backslash now has to be escaped! The current code, however, fails to recognize that, and therefore can turn an argument that ends in a single backslash into a quoted argument that now ends in an escaped double-quote character. This allows subsequent command-line parameters to be split and part of them being mistaken for command-line options, e.g. through a maliciously-crafted submodule URL during a recursive clone. Technically, we would not need to quote _all_ arguments which end in a backslash _unless_ the argument needs to be quoted anyway. For example, `test\` would not need to be quoted, while `test \` would need to be. To keep the code simple, however, and therefore easier to reason about and ensure its correctness, we now _always_ quote an argument that ends in a backslash. This addresses CVE-2019-1350. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1 parent a8dee3c
check_bindir
#!/bin/sh
bindir="$1"
gitexecdir="$2"
gitcmd="$3"
if test "$bindir" != "$gitexecdir" && test -x "$gitcmd"
then
echo
echo "!! You have installed git-* commands to new gitexecdir."
echo "!! Old version git-* commands still remain in bindir."
echo "!! Mixing two versions of Git will lead to problems."
echo "!! Please remove old version commands in bindir now."
echo
fi
Computing file changes ...