Merge branch 'rs/daemon-sanitize-dir-sep'
"git daemon" has been tightened against systems that take backslash as directory separator. * rs/daemon-sanitize-dir-sep: daemon: sanitize all directory separators
Коммит
bde35a2a93
8
daemon.c
8
daemon.c
|
@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host,
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Sanitize a string from the client so that it's OK to be inserted into a
|
* Sanitize a string from the client so that it's OK to be inserted into a
|
||||||
* filesystem path. Specifically, we disallow slashes, runs of "..", and
|
* filesystem path. Specifically, we disallow directory separators, runs
|
||||||
* trailing and leading dots, which means that the client cannot escape
|
* of "..", and trailing and leading dots, which means that the client
|
||||||
* our base path via ".." traversal.
|
* cannot escape our base path via ".." traversal.
|
||||||
*/
|
*/
|
||||||
static void sanitize_client(struct strbuf *out, const char *in)
|
static void sanitize_client(struct strbuf *out, const char *in)
|
||||||
{
|
{
|
||||||
for (; *in; in++) {
|
for (; *in; in++) {
|
||||||
if (*in == '/')
|
if (is_dir_sep(*in))
|
||||||
continue;
|
continue;
|
||||||
if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
|
if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
|
||||||
continue;
|
continue;
|
||||||
|
|
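Review bot: The reworded comment above sanitize_client() says "directory separators" but not that the set is whatever is_dir_sep() accepts on the build platform, so a reader cannot tell from the comment alone which client-supplied bytes are dropped before the string is put into a path. The definition of is_dir_sep() is not in this hunk; if it is per-platform, as the commit message implies, the comment should say so, for example `* filesystem path. Specifically, we disallow every character that is_dir_sep() treats as a directory separator on this platform, runs of "..", and ...`. A short added sentence such as `* A backslash is only dropped where the platform treats it as a separator.` would keep a later reader from assuming the filter is identical on every build. The old and new sides here are inferred from the commit message, since the page lost its +/- markers, and the body of sanitize_client() continues past the end of the hunk.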