Revision e1d911dd4c7b76a5a8cec0f5c8de15981e34da83 authored by Johannes Schindelin on 12 September 2019, 12:54:05 UTC, committed by Johannes Schindelin on 04 December 2019, 12:20:05 UTC
The backslash character is not a valid part of a file name on Windows. Hence it is dangerous to allow writing files that were unpacked from tree objects, when the stored file name contains a backslash character: it will be misinterpreted as directory separator. This not only causes ambiguity when a tree contains a blob `a\b` and a tree `a` that contains a blob `b`, but it also can be used as part of an attack vector to side-step the careful protections against writing into the `.git/` directory during a clone of a maliciously-crafted repository. Let's prevent that, addressing CVE-2019-1354. Note: we guard against backslash characters in tree objects' file names _only_ on Windows (because on other platforms, even on those where NTFS volumes can be mounted, the backslash character is _not_ a directory separator), and _only_ when `core.protectNTFS = true` (because users might need to generate tree objects for other platforms, of course without touching the worktree, e.g. using `git update-index --cacheinfo`). Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
1 parent 0060fd1
mailinfo.h
#ifndef MAILINFO_H
#define MAILINFO_H
#define MAX_BOUNDARIES 5
struct mailinfo {
FILE *input;
FILE *output;
FILE *patchfile;
struct strbuf name;
struct strbuf email;
int keep_subject;
int keep_non_patch_brackets_in_subject;
int add_message_id;
int use_scissors;
int use_inbody_headers;
const char *metainfo_charset;
struct strbuf *content[MAX_BOUNDARIES];
struct strbuf **content_top;
struct strbuf charset;
char *message_id;
enum {
TE_DONTCARE, TE_QP, TE_BASE64
} transfer_encoding;
int patch_lines;
int filter_stage; /* still reading log or are we copying patch? */
int header_stage; /* still checking in-body headers? */
struct strbuf inbody_header_accum;
struct strbuf **p_hdr_data;
struct strbuf **s_hdr_data;
struct strbuf log_message;
int input_error;
};
extern void setup_mailinfo(struct mailinfo *);
extern int mailinfo(struct mailinfo *, const char *msg, const char *patch);
extern void clear_mailinfo(struct mailinfo *);
#endif /* MAILINFO_H */
Computing file changes ...