verify_path: consider dos drive prefix
authorErik Faye-Lund <kusmabite@gmail.com>
Fri, 27 May 2011 16:00:40 +0000 (18:00 +0200)
committerJunio C Hamano <gitster@pobox.com>
Fri, 27 May 2011 17:59:18 +0000 (10:59 -0700)
If someone manage to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.

Fix it by explicitly checking for a dos drive prefix when verifying
a paht. While we're at it, make sure that paths beginning with '\' is
considered absolute as well.

Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
read-cache.c

index 0480d9455cec042cf128e4d92bbc44a9dcc3fe32..31cf0b503adb9c9b436a74df6ab11992d863a057 100644 (file)
@@ -774,11 +774,14 @@ int verify_path(const char *path)
 {
        char c;
 
+       if (has_dos_drive_prefix(path))
+               return 0;
+
        goto inside;
        for (;;) {
                if (!c)
                        return 1;
-               if (c == '/') {
+               if (is_dir_sep(c)) {
 inside:
                        c = *path++;
                        switch (c) {