From: Junio C Hamano <gitster@pobox.com>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: Johannes Sixt <j.sixt@viscovery.net>,
Shawn Bohrer <shawn.bohrer@gmail.com>,
git@vger.kernel.org
Subject: Re: [RFH/PATCH] prefix_path(): disallow absolute paths
Date: Mon, 28 Jan 2008 18:03:14 -0800 [thread overview]
Message-ID: <7vbq75s80t.fsf@gitster.siamese.dyndns.org> (raw)
In-Reply-To: <7vwspts9vj.fsf@gitster.siamese.dyndns.org> (Junio C. Hamano's message of "Mon, 28 Jan 2008 17:23:12 -0800")
Junio C Hamano <gitster@pobox.com> writes:
> I suspect that the right approach might be something like the
> attached patch. It introduces a version of prefix_path() that
> sanitizes path (but not prefix part, which comes from git itself
> and hopefully there should not be a need to sanitize it) while
> doing the prefixing. It also strips the leading absolute path
> to the repository by comparing it with the value of work_tree.
>
> A few things to note.
>
> * Your mv fix is rolled in.
>
> * This allows you to name a in-repository file as `pwd`/file,
> or `pwd`//file (iow, double-slash is also sanitized). It may
> kill the bird in another thread nearby.
>
> * get_pathspec() drops paths outside of repository, so the
> caller may end up getting a smaller number of paths than it
> originally gave it. If an existing caller expects the same
> number of paths to come back, it needs to be adjusted (I did
> not check). We could alternatively die() but I couldn't
> decide which one is a better behaviour.
This is the kind of "fixing existing callers" that would be
needed if we take this approach.
builtin-ls-files.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/builtin-ls-files.c b/builtin-ls-files.c
index 0f0ab2d..3801cf4 100644
--- a/builtin-ls-files.c
+++ b/builtin-ls-files.c
@@ -572,8 +572,17 @@ int cmd_ls_files(int argc, const char **argv, const char *prefix)
pathspec = get_pathspec(prefix, argv + i);
/* Verify that the pathspec matches the prefix */
- if (pathspec)
+ if (pathspec) {
+ if (argc != i) {
+ int cnt;
+ for (cnt = 0; pathspec[cnt]; cnt++)
+ ;
+ if (cnt != (argc - i))
+ exit(1); /* error message already given */
+ }
prefix = verify_pathspec(prefix);
+ } else if (argc != i)
+ exit(1); /* error message already given */
/* Treat unmatching pathspec elements as errors */
if (pathspec && error_unmatch) {
next prev parent reply other threads:[~2008-01-29 2:04 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-23 15:14 git-clean buglet Johannes Sixt
2008-01-23 15:24 ` Johannes Sixt
2008-01-23 15:29 ` Johannes Schindelin
2008-01-23 15:40 ` Johannes Sixt
2008-01-27 19:55 ` [PATCH] Fix off by one error in prep_exclude Shawn Bohrer
2008-01-27 20:44 ` Johannes Schindelin
2008-01-27 21:15 ` Shawn Bohrer
2008-01-27 22:34 ` Junio C Hamano
2008-01-28 0:34 ` Shawn Bohrer
2008-01-28 0:37 ` Shawn Bohrer
2008-01-28 11:59 ` Johannes Schindelin
2008-01-28 12:04 ` Junio C Hamano
2008-01-28 2:52 ` Junio C Hamano
2008-01-28 7:12 ` Johannes Sixt
2008-01-28 8:46 ` Junio C Hamano
2008-01-28 9:05 ` Johannes Sixt
2008-01-28 9:22 ` Junio C Hamano
2008-01-28 12:33 ` [RFH/PATCH] prefix_path(): disallow absolute paths Johannes Schindelin
2008-01-28 15:05 ` [PATCH] " Johannes Schindelin
2008-01-29 1:23 ` [RFH/PATCH] " Junio C Hamano
2008-01-29 2:03 ` Junio C Hamano
2008-01-29 2:03 ` Junio C Hamano [this message]
2008-01-29 7:02 ` Junio C Hamano
2008-01-29 8:29 ` [PATCH] setup: sanitize absolute and funny paths in get_pathspec() Junio C Hamano
2008-02-01 4:07 ` [PATCH] Make blame accept absolute paths Robin Rosenberg
2008-02-01 4:34 ` [PATCH] More test cases for sanitized path names Robin Rosenberg
2008-02-01 7:17 ` Junio C Hamano
2008-02-01 9:10 ` Robin Rosenberg
2008-02-01 10:22 ` Junio C Hamano
2008-02-01 10:51 ` Junio C Hamano
2008-02-01 11:10 ` Junio C Hamano
2008-02-01 14:17 ` Robin Rosenberg
2008-02-01 17:45 ` Junio C Hamano
2008-02-01 9:16 ` Karl Hasselström
2008-02-01 9:50 ` [PATCH for post 1.5.4] Sane use of test_expect_failure Junio C Hamano
2008-02-02 10:06 ` [PATCH] " Junio C Hamano
2008-03-07 8:23 ` [PATCH] More test cases for sanitized path names Junio C Hamano
2008-03-07 15:24 ` Robin Rosenberg
2008-01-29 2:37 ` [RFH/PATCH] prefix_path(): disallow absolute paths Johannes Schindelin
2008-01-29 2:45 ` Junio C Hamano
2008-01-29 2:59 ` Johannes Schindelin
2008-01-29 7:20 ` Johannes Sixt
2008-01-29 7:28 ` Junio C Hamano
2008-01-29 7:43 ` Johannes Sixt
2008-01-29 8:31 ` Junio C Hamano
2008-01-29 21:53 ` しらいしななこ
2008-01-30 0:43 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vbq75s80t.fsf@gitster.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=j.sixt@viscovery.net \
--cc=shawn.bohrer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.