blob: ec0227904c0547e45482a09a86dcf468764f9842 [file] [log] [blame]
From 7fc71c564889486b09bf88e588c88cf51be58dd1 Mon Sep 17 00:00:00 2001
From: Jeff King <peff@peff.net>
Date: Mon, 24 Sep 2018 04:37:17 -0400
Subject: fsck: detect submodule urls starting with dash
commit a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46 upstream.
Urls with leading dashes can cause mischief on older
versions of Git. We should detect them so that they can be
rejected by receive.fsckObjects, preventing modern versions
of git from being a vector by which attacks can spread.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
---
fsck.c | 7 +++++++
t/t7416-submodule-dash-url.sh | 15 +++++++++++++++
2 files changed, 22 insertions(+)
diff --git a/fsck.c b/fsck.c
index 921cd6a409..eebc89df61 100644
--- a/fsck.c
+++ b/fsck.c
@@ -93,6 +93,7 @@ static int oidhash_contains(struct hashmap *h, const struct object_id *oid)
FUNC(GITMODULES_PARSE, ERROR) \
FUNC(GITMODULES_NAME, ERROR) \
FUNC(GITMODULES_SYMLINK, ERROR) \
+ FUNC(GITMODULES_URL, ERROR) \
/* warnings */ \
FUNC(BAD_FILEMODE, WARN) \
FUNC(EMPTY_NAME, WARN) \
@@ -968,6 +969,12 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
FSCK_MSG_GITMODULES_NAME,
"disallowed submodule name: %s",
name);
+ if (!strcmp(key, "url") && value &&
+ looks_like_command_line_option(value))
+ data->ret |= report(data->options, data->obj,
+ FSCK_MSG_GITMODULES_URL,
+ "disallowed submodule url: %s",
+ value);
free(name);
return 0;
diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
index 459193c976..1cd2c1c1ea 100755
--- a/t/t7416-submodule-dash-url.sh
+++ b/t/t7416-submodule-dash-url.sh
@@ -20,6 +20,13 @@ test_expect_success 'clone can recurse submodule' '
test_cmp expect actual
'
+test_expect_success 'fsck accepts protected dash' '
+ test_when_finished "rm -rf dst" &&
+ git init --bare dst &&
+ git -C dst config transfer.fsckObjects true &&
+ git push dst HEAD
+'
+
test_expect_success 'remove ./ protection from .gitmodules url' '
perl -i -pe "s{\./}{}" .gitmodules &&
git commit -am "drop protection"
@@ -31,4 +38,12 @@ test_expect_success 'clone rejects unprotected dash' '
test_i18ngrep ignoring err
'
+test_expect_success 'fsck rejects unprotected dash' '
+ test_when_finished "rm -rf dst" &&
+ git init --bare dst &&
+ git -C dst config transfer.fsckObjects true &&
+ test_must_fail git push dst HEAD 2>err &&
+ grep gitmodulesUrl err
+'
+
test_done
--
2.19.0.605.g01d371f741