Merge branch 'win32-filenames-cannot-have-trailing-spaces-or-periods'

On Windows, filenames cannot have trailing spaces or periods, when opening such paths, they are stripped automatically. Read: you can open the file `README` via the file name `README . . .`. This ambiguity can be used in combination with other security bugs to cause e.g. remote code execution during recursive clones. This patch series fixes that. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
author: Johannes Schindelin <johannes.schindelin@gmx.de> 2019-09-16 13:26:40 +0200
committer: Johannes Schindelin <johannes.schindelin@gmx.de> 2019-12-05 15:37:09 +0100
commit: 65d30a19de282d781c59bb7f807459cb5b29de1e (patch)
tree: ce238c2e1919a98b6079d1d81c69d3e464d754c9 /read-cache.c
parent: Merge branch 'fix-mingw-quoting-bug' (diff)
parent: mingw: refuse to access paths with trailing spaces or periods (diff)
download: git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.gz
git-65d30a19de282d781c59bb7f807459cb5b29de1e.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/read-cache.c b/read-cache.c
index bde1e70c51..771171c402 100644
--- a/read-cache.c
+++ b/read-cache.c
@@ -847,6 +847,9 @@ int verify_path(const char *path, unsigned mode)
 	if (has_dos_drive_prefix(path))
 		return 0;
 
+	if (!is_valid_path(path))
+		return 0;
+
 	goto inside;
 	for (;;) {
 		if (!c)
author	Johannes Schindelin <johannes.schindelin@gmx.de>	2019-09-16 13:26:40 +0200
committer	Johannes Schindelin <johannes.schindelin@gmx.de>	2019-12-05 15:37:09 +0100
commit	65d30a19de282d781c59bb7f807459cb5b29de1e (patch)
tree	ce238c2e1919a98b6079d1d81c69d3e464d754c9 /read-cache.c
parent	Merge branch 'fix-mingw-quoting-bug' (diff)
parent	mingw: refuse to access paths with trailing spaces or periods (diff)
download	git-65d30a19de282d781c59bb7f807459cb5b29de1e.tar.gz git-65d30a19de282d781c59bb7f807459cb5b29de1e.zip