diff options
| author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-04-12 09:45:28 +0200 |
|---|---|---|
| committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2024-04-19 12:38:37 +0200 |
| commit | 93a88f42db7ed9a975768df0e5f4516317c50dda (patch) | |
| tree | 425bd4d9bc74c6a172a6d29e28c468158f094a96 /cache.h | |
| parent | repository: avoid leaking `fsmonitor` data (diff) | |
| parent | Git 2.39.4 (diff) | |
| download | git-93a88f42db7ed9a975768df0e5f4516317c50dda.tar.gz git-93a88f42db7ed9a975768df0e5f4516317c50dda.zip | |
Sync with 2.39.4
* maint-2.39: (38 commits)
Git 2.39.4
fsck: warn about symlink pointing inside a gitdir
core.hooksPath: add some protection while cloning
init.templateDir: consider this config setting protected
clone: prevent hooks from running during a clone
Add a helper function to compare file contents
init: refactor the template directory discovery into its own function
find_hook(): refactor the `STRIP_EXTENSION` logic
clone: when symbolic links collide with directories, keep the latter
entry: report more colliding paths
t5510: verify that D/F confusion cannot lead to an RCE
submodule: require the submodule path to contain directories only
clone_submodule: avoid using `access()` on directories
submodules: submodule paths must not contain symlinks
clone: prevent clashing git dirs when cloning submodule in parallel
t7423: add tests for symlinked submodule directories
has_dir_name(): do not get confused by characters < '/'
docs: document security issues around untrusted .git dirs
upload-pack: disable lazy-fetching by default
fetch/clone: detect dubious ownership of local repositories
...
Diffstat (limited to 'cache.h')
| -rw-r--r-- | cache.h | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -610,6 +610,18 @@ void set_git_work_tree(const char *tree); #define ALTERNATE_DB_ENVIRONMENT "GIT_ALTERNATE_OBJECT_DIRECTORIES" +/* + * Check if a repository is safe and die if it is not, by verifying the + * ownership of the worktree (if any), the git directory, and the gitfile (if + * any). + * + * Exemptions for known-safe repositories can be added via `safe.directory` + * config settings; for non-bare repositories, their worktree needs to be + * added, for bare ones their git directory. + */ +void die_upon_dubious_ownership(const char *gitfile, const char *worktree, + const char *gitdir); + void setup_work_tree(void); /* * Find the commondir and gitdir of the repository that contains the current @@ -648,6 +660,7 @@ int path_inside_repo(const char *prefix, const char *path); #define INIT_DB_QUIET 0x0001 #define INIT_DB_EXIST_OK 0x0002 +const char *get_template_dir(const char *option_template); int init_db(const char *git_dir, const char *real_git_dir, const char *template_dir, int hash_algo, const char *initial_branch, unsigned int flags); @@ -1778,6 +1791,20 @@ int copy_fd(int ifd, int ofd); int copy_file(const char *dst, const char *src, int mode); int copy_file_with_time(const char *dst, const char *src, int mode); +/* + * Compare the file mode and contents of two given files. + * + * If both files are actually symbolic links, the function returns 1 if the link + * targets are identical or 0 if they are not. + * + * If any of the two files cannot be accessed or in case of read failures, this + * function returns 0. + * + * If the file modes and contents are identical, the function returns 1, + * otherwise it returns 0. + */ +int do_files_match(const char *path1, const char *path2); + void write_or_die(int fd, const void *buf, size_t count); void fsync_or_die(int fd, const char *); int fsync_component(enum fsync_component component, int fd); |