Revision a7b1ad3b05fd1dc03c3de12ea4f2d8118ad24e2c authored by Johannes Schindelin on 03 October 2019, 18:44:34 UTC, committed by Johannes Schindelin on 04 December 2019, 12:23:22 UTC
The `--export-marks` option of `git fast-import` is exposed also via the in-stream command `feature export-marks=...` and it allows overwriting arbitrary paths. This topic branch prevents the in-stream version, to prevent arbitrary file accesses by `git fast-import` streams coming from untrusted sources (e.g. in remote helpers that are based on `git fast-import`). This fixes CVE-2019-1348. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
help.h
#ifndef HELP_H
#define HELP_H
struct cmdnames {
int alloc;
int cnt;
struct cmdname {
size_t len; /* also used for similarity index in help.c */
char name[FLEX_ARRAY];
} **names;
};
static inline void mput_char(char c, unsigned int num)
{
while(num--)
putchar(c);
}
extern void list_common_cmds_help(void);
extern const char *help_unknown_cmd(const char *cmd);
extern void load_command_list(const char *prefix,
struct cmdnames *main_cmds,
struct cmdnames *other_cmds);
extern void add_cmdname(struct cmdnames *cmds, const char *name, int len);
/* Here we require that excludes is a sorted list. */
extern void exclude_cmds(struct cmdnames *cmds, struct cmdnames *excludes);
extern int is_in_cmdlist(struct cmdnames *cmds, const char *name);
extern void list_commands(unsigned int colopts, struct cmdnames *main_cmds, struct cmdnames *other_cmds);
/*
* call this to die(), when it is suspected that the user mistyped a
* ref to the command, to give suggested "correct" refs.
*/
extern void help_unknown_ref(const char *ref, const char *cmd, const char *error);
#endif /* HELP_H */
Computing file changes ...
