diff options
| author | Junio C Hamano <gitster@pobox.com> | 2024-05-13 18:29:15 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-05-13 18:29:15 -0700 |
| commit | 83f1add914c6b4682de1e944ec0d1ac043d53d78 (patch) | |
| tree | 019da832054b17c504a3000ddff3a39394c8daea /entry.c | |
| parent | 3e4a232f6e3bd3b7dd920bb07b21cf1c8b4e1a7f (diff) | |
| parent | 2c7b491c1d3107be35c375f59e040b0f13d0cc0c (diff) | |
| download | git-83f1add914c6b4682de1e944ec0d1ac043d53d78.tar.xz | |
Sync with Git 2.45.1
* tag 'v2.45.1': (42 commits)
Git 2.45.1
Git 2.44.1
Git 2.43.4
Git 2.42.2
Git 2.41.1
Git 2.40.2
Git 2.39.4
fsck: warn about symlink pointing inside a gitdir
core.hooksPath: add some protection while cloning
init.templateDir: consider this config setting protected
clone: prevent hooks from running during a clone
Add a helper function to compare file contents
init: refactor the template directory discovery into its own function
find_hook(): refactor the `STRIP_EXTENSION` logic
clone: when symbolic links collide with directories, keep the latter
entry: report more colliding paths
t5510: verify that D/F confusion cannot lead to an RCE
submodule: require the submodule path to contain directories only
clone_submodule: avoid using `access()` on directories
submodules: submodule paths must not contain symlinks
...
Diffstat (limited to 'entry.c')
| -rw-r--r-- | entry.c | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -460,7 +460,7 @@ static void mark_colliding_entries(const struct checkout *state, continue; if ((trust_ino && !match_stat_data(&dup->ce_stat_data, st)) || - (!trust_ino && !fspathcmp(ce->name, dup->name))) { + paths_collide(ce->name, dup->name)) { dup->ce_flags |= CE_MATCHED; break; } @@ -547,6 +547,20 @@ int checkout_entry_ca(struct cache_entry *ce, struct conv_attrs *ca, /* If it is a gitlink, leave it alone! */ if (S_ISGITLINK(ce->ce_mode)) return 0; + /* + * We must avoid replacing submodules' leading + * directories with symbolic links, lest recursive + * clones can write into arbitrary locations. + * + * Technically, this logic is not limited + * to recursive clones, or for that matter to + * submodules' paths colliding with symbolic links' + * paths. Yet it strikes a balance in favor of + * simplicity, and if paths are colliding, we might + * just as well keep the directories during a clone. + */ + if (state->clone && S_ISLNK(ce->ce_mode)) + return 0; remove_subtree(&path); } else if (unlink(path.buf)) return error_errno("unable to unlink old '%s'", path.buf); |