diff options
| author | Johannes Sixt <j6t@kdbg.org> | 2025-04-21 17:07:10 +0200 |
|---|---|---|
| committer | Taylor Blau <me@ttaylorr.com> | 2025-05-23 17:04:23 -0400 |
| commit | c2e8904258544f3d79dc4e96d1269c0ad8124db3 (patch) | |
| tree | 765508ff33690a5d1b7e3c7c7c3fb1070c74215a /lib/sshkey.tcl | |
| parent | 8255167b26003767b0ab50f498ffec33f80c2ef2 (diff) | |
| download | git-c2e8904258544f3d79dc4e96d1269c0ad8124db3.tar.xz | |
git-gui: treat file names beginning with "|" as relative paths
The Tcl 'open' function has a very wide interface. It can open files as
well as pipes to external processes. The difference is made only by the
first character of the file name: if it is "|", a process is spawned.
We have a number of calls of Tcl 'open' that take a file name from the
environment in which Git GUI is running. Be prepared that insane values
are injected. In particular, when we intend to open a file, do not take
a file name that happens to begin with "|" as a request to run a process.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Diffstat (limited to 'lib/sshkey.tcl')
| -rw-r--r-- | lib/sshkey.tcl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/sshkey.tcl b/lib/sshkey.tcl index 589ff8f78a..2e006cb8ca 100644 --- a/lib/sshkey.tcl +++ b/lib/sshkey.tcl @@ -7,7 +7,7 @@ proc find_ssh_key {} { ~/.ssh/id_rsa.pub ~/.ssh/identity.pub } { if {[file exists $name]} { - set fh [open $name r] + set fh [safe_open_file $name r] set cont [read $fh] close $fh return [list $name $cont] |