| author | Johannes Sixt <j6t@kdbg.org> | 2025-07-08 20:46:24 +0200 |
|---|---|---|
| committer | Johannes Sixt <j6t@kdbg.org> | 2025-07-08 20:48:25 +0200 |
| commit | 0c8be6f09043e152493e369be8469d645098469f (patch) | |
| tree | 575776e3f68d86c02699d30adb1f2e6f81762f03 /gitk | |
| parent | bfb0fa7099e541c15d103b75f453f613a751da03 (diff) | |
| parent | 8e3070aa5e331be45d4d03e3be41f84494fce129 (diff) | |
Merge branch 'ah/fix-open-with-stdin'
This addresses CVE-2025-27614, Arbitrary command execution with Gitk:
A Git repository can be crafted in such a way that with some social
engineering a user who has cloned the repository can be tricked into
running any script (e.g., Bourne shell, Perl, Python, ...) supplied by
the attacker by invoking `gitk filename`, where `filename` has a
particular structure. The script is run with the privileges of the user.
* ah/fix-open-with-stdin:
gitk: encode arguments correctly with "open"
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Diffstat (limited to 'gitk')
| -rwxr-xr-x | gitk | 19 |
1 files changed, 3 insertions, 16 deletions
@@ -457,16 +457,6 @@ proc parseviewrevs {view revs} { return $ret } -# Escapes a list of filter paths to be passed to git log via stdin. Note that -# paths must not be quoted. -proc escape_filter_paths {paths} { - set escaped [list] - foreach path $paths { - lappend escaped [string map {\\ \\\\ "\ " "\\\ "} $path] - } - return $escaped -} - # Start off a git log process and arrange to read its output proc start_rev_list {view} { global startmsecs commitidx viewcomplete curview @@ -528,8 +518,7 @@ proc start_rev_list {view} { if {[catch { set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \ --parents --boundary $args --stdin \ - "<<[join [concat $revs "--" \ - [escape_filter_paths $files]] "\\n"]"] r] + [list "<<[join [concat $revs "--" $files] "\n"]"]] r] } err]} { error_popup "[mc "Error executing git log:"] $err" return 0 @@ -682,9 +671,7 @@ proc updatecommits {} { if {[catch { set fd [open [concat | git log --no-color -z --pretty=raw $show_notes \ --parents --boundary $args --stdin \ - "<<[join [concat $revs "--" \ - [escape_filter_paths \ - $vfilelimit($view)]] "\\n"]"] r] + [list "<<[join [concat $revs "--" $vfilelimit($view)] "\n"]"]] r] } err]} { error_popup "[mc "Error executing git log:"] $err" return @@ -10376,7 +10363,7 @@ proc getallcommits {} { if {$ids eq "--all"} { set cmd [concat $cmd "--all"] } else { - set cmd [concat $cmd --stdin "<<[join $ids "\\n"]"] + set cmd [concat $cmd --stdin [list "<<[join $ids "\n"]"]] } set fd [open $cmd r] fconfigure $fd -blocking 0 |
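Review bot: The three rewritten `open` call sites (in start_rev_list, and again in updatecommits and getallcommits) depend on `[list "<<..."]` to keep the whole stdin payload as one word of the pipeline, but nothing in the new code says so, and the only comment describing the stdin encoding was deleted along with escape_filter_paths. A comment above each call, such as `# [list] keeps the "<<" payload a single pipeline word, so revs and paths are passed as data and never parsed as command words`, would guard against a later revert to plain `concat`. Separately, the payload is now joined with a real newline, so a path that itself contains a newline would presumably reach `git log --stdin` as two pathspec lines; it may be worth rejecting such paths before the join. All three enclosing procs start and end outside the hunks shown.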
