• Jeff King's avatar
    connect: reject paths that look like command line options · aeeb2d49
    Jeff King authored
    If we get a repo path like "-repo.git", we may try to invoke
    "git-upload-pack -repo.git". This is going to fail, since
    upload-pack will interpret it as a set of bogus options. But
    let's reject this before we even run the sub-program, since
    we would not want to allow any mischief with repo names that
    actually are real command-line options.
    You can still ask for such a path via git-daemon, but there's no
    security problem there, because git-daemon enters the repo itself
    and then passes "."  on the command line.
    Signed-off-by: default avatarJeff King <peff@peff.net>
    Reviewed-by: default avatarJonathan Nieder <jrnieder@gmail.com>
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
t5813-proto-disable-ssh.sh 1.28 KB