[JGIT PATCH 3/3] Don't permit '.' or '..' in tree entries

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Shawn O. Pearce" <spearce@spearce.org>
To: Robin Rosenberg <robin.rosenberg@dewire.com>
Cc: git@vger.kernel.org
Subject: [JGIT PATCH 3/3] Don't permit '.' or '..' in tree entries
Date: Thu, 30 Oct 2008 10:46:25 -0700	[thread overview]
Message-ID: <1225388785-26818-4-git-send-email-spearce@spearce.org> (raw)
In-Reply-To: <1225388785-26818-3-git-send-email-spearce@spearce.org>

A Git tree must not have '.' or '..' within the structure as these
names are reserved in every directory by the client operating system.

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
---
 .../org/spearce/jgit/lib/ObjectCheckerTest.java    |   31 ++++++++++++++++++++
 .../src/org/spearce/jgit/lib/ObjectChecker.java    |    7 ++++
 2 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/org.spearce.jgit.test/tst/org/spearce/jgit/lib/ObjectCheckerTest.java b/org.spearce.jgit.test/tst/org/spearce/jgit/lib/ObjectCheckerTest.java
index fa37fb5..7befde8 100644
--- a/org.spearce.jgit.test/tst/org/spearce/jgit/lib/ObjectCheckerTest.java
+++ b/org.spearce.jgit.test/tst/org/spearce/jgit/lib/ObjectCheckerTest.java
@@ -980,6 +980,13 @@ public void testValidTree5() throws CorruptObjectException {
 		checker.checkTree(data);
 	}
 
+	public void testValidTree6() throws CorruptObjectException {
+		final StringBuilder b = new StringBuilder();
+		entry(b, "100644 .a");
+		final byte[] data = Constants.encodeASCII(b.toString());
+		checker.checkTree(data);
+	}
+
 	public void testValidTreeSorting1() throws CorruptObjectException {
 		final StringBuilder b = new StringBuilder();
 		entry(b, "100644 fooaaa");
@@ -1166,6 +1173,30 @@ public void testInvalidTreeNameIsEmpty() {
 		}
 	}
 
+	public void testInvalidTreeNameIsDot() {
+		final StringBuilder b = new StringBuilder();
+		entry(b, "100644 .");
+		final byte[] data = Constants.encodeASCII(b.toString());
+		try {
+			checker.checkTree(data);
+			fail("incorrectly accepted an invalid tree");
+		} catch (CorruptObjectException e) {
+			assertEquals("invalid name '.'", e.getMessage());
+		}
+	}
+
+	public void testInvalidTreeNameIsDotDot() {
+		final StringBuilder b = new StringBuilder();
+		entry(b, "100644 ..");
+		final byte[] data = Constants.encodeASCII(b.toString());
+		try {
+			checker.checkTree(data);
+			fail("incorrectly accepted an invalid tree");
+		} catch (CorruptObjectException e) {
+			assertEquals("invalid name '..'", e.getMessage());
+		}
+	}
+
 	public void testInvalidTreeTruncatedInName() {
 		final StringBuilder b = new StringBuilder();
 		b.append("100644 b");
diff --git a/org.spearce.jgit/src/org/spearce/jgit/lib/ObjectChecker.java b/org.spearce.jgit/src/org/spearce/jgit/lib/ObjectChecker.java
index d403119..b303d6f 100644
--- a/org.spearce.jgit/src/org/spearce/jgit/lib/ObjectChecker.java
+++ b/org.spearce.jgit/src/org/spearce/jgit/lib/ObjectChecker.java
@@ -318,6 +318,13 @@ public void checkTree(final byte[] raw) throws CorruptObjectException {
 			}
 			if (thisNameB + 1 == ptr)
 				throw new CorruptObjectException("zero length name");
+			if (raw[thisNameB] == '.') {
+				final int nameLen = (ptr - 1) - thisNameB;
+				if (nameLen == 1)
+					throw new CorruptObjectException("invalid name '.'");
+				if (nameLen == 2 && raw[thisNameB + 1] == '.')
+					throw new CorruptObjectException("invalid name '..'");
+			}
 			if (duplicateName(raw, thisNameB, ptr - 1))
 				throw new CorruptObjectException("duplicate entry names");
 
-- 
1.6.0.3.756.gb776d

next prev parent reply	other threads:[~2008-10-30 17:48 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-30 17:46 [JGIT PATCH 0/3] Improved object validation Shawn O. Pearce
2008-10-30 17:46 ` [JGIT PATCH 1/3] Check object connectivity during fetch if fsck is enabled Shawn O. Pearce
2008-10-30 17:46   ` [JGIT PATCH 2/3] Add --[no-]thin and --[no-]fsck optiosn to fetch command line tool Shawn O. Pearce
2008-10-30 17:46     ` Shawn O. Pearce [this message]
2008-10-31  0:01 ` [JGIT PATCH 0/3] Improved object validation Robin Rosenberg
2008-10-31 14:55   ` Shawn O. Pearce

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fa37fb5 dfblob:7befde8 dfblob:d403119 dfblob:b303d6f )
 OR (
bs:"[JGIT PATCH 3/3] Don't permit '.' or '..' in tree entries" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1225388785-26818-4-git-send-email-spearce@spearce.org \
    --to=spearce@spearce.org \
    --cc=git@vger.kernel.org \
    --cc=robin.rosenberg@dewire.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).