If someone manage to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.
Fix it by explicitly checking for a dos drive prefix when verifying
a paht. While we're at it, make sure that paths beginning with '\' is
considered absolute as well.
Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
{
char c;
+ if (has_dos_drive_prefix(path))
+ return 0;
+
goto inside;
for (;;) {
if (!c)
return 1;
- if (c == '/') {
+ if (is_dir_sep(c)) {
inside:
c = *path++;
switch (c) {