Commit 56948cb6 authored by Erik Faye-Lund's avatar Erik Faye-Lund Committed by Junio C Hamano

verify_path: consider dos drive prefix

If someone manage to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.

Fix it by explicitly checking for a dos drive prefix when verifying
a paht. While we're at it, make sure that paths beginning with '\' is
considered absolute as well.
Noticed-by: default avatarTheo Niessink <[email protected]>
Signed-off-by: Erik Faye-Lund's avatarErik Faye-Lund <[email protected]>
Signed-off-by: default avatarJunio C Hamano <[email protected]>
parent d1c69255
......@@ -774,11 +774,14 @@ int verify_path(const char *path)
{
char c;
if (has_dos_drive_prefix(path))
return 0;
goto inside;
for (;;) {
if (!c)
return 1;
if (c == '/') {
if (is_dir_sep(c)) {
inside:
c = *path++;
switch (c) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment