author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-03-03 15:16:56 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-03-03 15:16:56 +0900 |
commit | 2d29e070a20e1dc9129eaaa0a308f5db609b2e3a (patch) | |
tree | 1caf9e1d7dcb6ae65c3431f7094629564bbda048 /fsck.c | |
parent | c1e56cc9b3fa56810f5af6086bf7487646aa466b (diff) | |
download | git-2d29e070a20e1dc9129eaaa0a308f5db609b2e3a.tar.gz git-2d29e070a20e1dc9129eaaa0a308f5db609b2e3a.tar.bz2 git-2d29e070a20e1dc9129eaaa0a308f5db609b2e3a.zip |
Imported Upstream version 2.22.0upstream/2.22.0
Diffstat (limited to 'fsck.c')
-rw-r--r-- | fsck.c | 174 |
1 files changed, 3 insertions, 171 deletions
@@ -9,14 +9,12 @@
 #include "tag.h"
 #include "fsck.h"
 #include "refs.h"
-#include "url.h"
 #include "utf8.h"
 #include "decorate.h"
 #include "oidset.h"
 #include "packfile.h"
 #include "submodule-config.h"
 #include "config.h"
-#include "credential.h"
 #include "help.h"
 static struct oidset gitmodules_found = OIDSET_INIT;
@@ -70,7 +68,6 @@ static struct oidset gitmodules_done = OIDSET_INIT;
 FUNC(GITMODULES_SYMLINK, ERROR) \
 FUNC(GITMODULES_URL, ERROR) \
 FUNC(GITMODULES_PATH, ERROR) \
- FUNC(GITMODULES_UPDATE, ERROR) \
 /* warnings */ \
 FUNC(BAD_FILEMODE, WARN) \
 FUNC(EMPTY_NAME, WARN) \
@@ -607,8 +604,8 @@ static int fsck_tree(struct tree *item, struct fsck_options *options)
 o_name = NULL;
 while (desc.size) {
- unsigned mode;
- const char *name, *backslash;
+ unsigned short mode;
+ const char *name;
 const struct object_id *oid;
 oid = tree_entry_extract(&desc, &name, &mode);
@@ -630,22 +627,6 @@ static int fsck_tree(struct tree *item, struct fsck_options *options)
 ".gitmodules is a symbolic link");
 }
- if ((backslash = strchr(name, '\\'))) {
- while (backslash) {
- backslash++;
- has_dotgit |= is_ntfs_dotgit(backslash);
- if (is_ntfs_dotgitmodules(backslash)) {
- if (!S_ISLNK(mode))
- oidset_insert(&gitmodules_found, oid);
- else
- retval += report(options, &item->object,
- FSCK_MSG_GITMODULES_SYMLINK,
- ".gitmodules is a symbolic link");
- }
- backslash = strchr(backslash, '\\');
- }
- }
-
 if (update_tree_entry_gently(&desc)) {
 retval += report(options, &item->object, FSCK_MSG_BAD_TREE, "cannot be parsed as a tree");
 break;
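Review bot: The new side of the fsck_tree hunk (-630) no longer scans an entry name for backslash-separated components, so a `.gitmodules` reached only via a backslash path is neither recorded in gitmodules_found nor reported as FSCK_MSG_GITMODULES_SYMLINK, and the -984, -1151 and -1162 hunks likewise drop check_submodule_url (the relative-URL `..`-escape and credential host checks that the removed comment ties to CVE-2020-11008) together with the `update` setting rejection and its FSCK_MSG_GITMODULES_UPDATE id. Taken with the "Imported Upstream version 2.22.0" title, this looks like a rollback of hardening that the parent already carried rather than a deliberate relaxation, but that cannot be confirmed from the diff alone. If the downgrade is intentional, the description should record it, e.g. `Note: this import reverts the parent's fsck checks for .gitmodules URLs, update settings and backslash-separated paths; a later upstream release restores them.` fsck_tree and fsck_gitmodules_fn both begin outside their hunks.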
@@ -984,149 +965,6 @@ static int fsck_tag(struct tag *tag, const char *data,
 return fsck_tag_buffer(tag, data, size, options);
 }
-/*
- * Like builtin/submodule--helper.c's starts_with_dot_slash, but without
- * relying on the platform-dependent is_dir_sep helper.
- *
- * This is for use in checking whether a submodule URL is interpreted as
- * relative to the current directory on any platform, since \ is a
- * directory separator on Windows but not on other platforms.
- */
-static int starts_with_dot_slash(const char *str)
-{
- return str[0] == '.' && (str[1] == '/' || str[1] == '\\');
-}
-
-/*
- * Like starts_with_dot_slash, this is a variant of submodule--helper's
- * helper of the same name with the twist that it accepts backslash as a
- * directory separator even on non-Windows platforms.
- */
-static int starts_with_dot_dot_slash(const char *str)
-{
- return str[0] == '.' && starts_with_dot_slash(str + 1);
-}
-
-static int submodule_url_is_relative(const char *url)
-{
- return starts_with_dot_slash(url) || starts_with_dot_dot_slash(url);
-}
-
-/*
- * Count directory components that a relative submodule URL should chop
- * from the remote_url it is to be resolved against.
- *
- * In other words, this counts "../" components at the start of a
- * submodule URL.
- *
- * Returns the number of directory components to chop and writes a
- * pointer to the next character of url after all leading "./" and
- * "../" components to out.
- */
-static int count_leading_dotdots(const char *url, const char **out)
-{
- int result = 0;
- while (1) {
- if (starts_with_dot_dot_slash(url)) {
- result++;
- url += strlen("../");
- continue;
- }
- if (starts_with_dot_slash(url)) {
- url += strlen("./");
- continue;
- }
- *out = url;
- return result;
- }
-}
-/*
- * Check whether a transport is implemented by git-remote-curl.
- *
- * If it is, returns 1 and writes the URL that would be passed to
- * git-remote-curl to the "out" parameter.
- *
- * Otherwise, returns 0 and leaves "out" untouched.
- *
- * Examples:
- * http::https://example.com/repo.git -> 1, https://example.com/repo.git
- * https://example.com/repo.git -> 1, https://example.com/repo.git
- * git://example.com/repo.git -> 0
- *
- * This is for use in checking for previously exploitable bugs that
- * required a submodule URL to be passed to git-remote-curl.
- */
-static int url_to_curl_url(const char *url, const char **out)
-{
- /*
- * We don't need to check for case-aliases, "http.exe", and so
- * on because in the default configuration, is_transport_allowed
- * prevents URLs with those schemes from being cloned
- * automatically.
- */
- if (skip_prefix(url, "http::", out) ||
- skip_prefix(url, "https::", out) ||
- skip_prefix(url, "ftp::", out) ||
- skip_prefix(url, "ftps::", out))
- return 1;
- if (starts_with(url, "http://") ||
- starts_with(url, "https://") ||
- starts_with(url, "ftp://") ||
- starts_with(url, "ftps://")) {
- *out = url;
- return 1;
- }
- return 0;
-}
-
-static int check_submodule_url(const char *url)
-{
- const char *curl_url;
-
- if (looks_like_command_line_option(url))
- return -1;
-
- if (submodule_url_is_relative(url)) {
- char *decoded;
- const char *next;
- int has_nl;
-
- /*
- * This could be appended to an http URL and url-decoded;
- * check for malicious characters.
- */
- decoded = url_decode(url);
- has_nl = !!strchr(decoded, '\n');
-
- free(decoded);
- if (has_nl)
- return -1;
-
- /*
- * URLs which escape their root via "../" can overwrite
- * the host field and previous components, resolving to
- * URLs like https::example.com/submodule.git and
- * https:///example.com/submodule.git that were
- * susceptible to CVE-2020-11008.
- */
- if (count_leading_dotdots(url, &next) > 0 &&
- (*next == ':' || *next == '/'))
- return -1;
- }
-
- else if (url_to_curl_url(url, &curl_url)) {
- struct credential c = CREDENTIAL_INIT;
- int ret = 0;
- if (credential_from_url_gently(&c, curl_url, 1) ||
- !*c.host)
- ret = -1;
- credential_clear(&c);
- return ret;
- }
-
- return 0;
-}
-
 struct fsck_gitmodules_data {
 struct object *obj;
 struct fsck_options *options;
@@ -1151,7 +989,7 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
 "disallowed submodule name: %s", name);
 if (!strcmp(key, "url") && value &&
- check_submodule_url(value) < 0)
+ looks_like_command_line_option(value))
 data->ret |= report(data->options, data->obj,
 FSCK_MSG_GITMODULES_URL,
 "disallowed submodule url: %s",
@@ -1162,12 +1000,6 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
 FSCK_MSG_GITMODULES_PATH,
 "disallowed submodule path: %s",
 value);
- if (!strcmp(key, "update") && value &&
- parse_submodule_update_type(value) == SM_UPDATE_COMMAND)
- data->ret |= report(data->options, data->obj,
- FSCK_MSG_GITMODULES_UPDATE,
- "disallowed submodule update setting: %s",
- value);
 free(name);
 return 0;