Re: Files with colons under Cygwin

[Dmitry Potapov <dpotapov@gmail.com>]

On Thu, Oct 02, 2008 at 04:02:23PM +0200, Giovanni Funchal wrote:
> 
> Cygwin does not allow files with colons, I think this is Windows stuff
> one just can't avoid. 

At least, you cannot use colon in Win32 API. They say Windows "native"
API has less restrictions over what symbols are not allowed in file
names, but I guess it is still not allowed.

> If you have files with colons in a git
> repository and try pulling them on cygwin, the file is empty, its name
> is truncated and the status is wrong.
> 
> linux $ date > a:b
> linux $ git init
> linux $ git add a:b
> linux $ git commit -m test
> linux $ git push
> cygwin $ git pull

Strange...  What version of Cygwin did you use?  When I tried this with
Cygwin 1.5.25, I got the following error:

  error: git checkout-index: unable to create file a:b (No medium found)

Apparently, Git tried to create 'b' file on the drive 'a', and creating
files outside of the working tree is not a very good thing to do from
the security point of view, as it can easily overwrite anything in
c:/windows/.

So, here is a patch. It basically disallow backslashes and colons in
file names on Windows (whether it is MinGW or Cygwin).

I wonder if the problem exists on Mac OS X too. From what I heard, it
does not treat ':' as a normal symbol. But I have no access to Mac OS X,
so here is a patch for Windows only.

-- >8 --
From: Dmitry Potapov <dpotapov@gmail.com>
Date: Sat, 4 Oct 2008 22:57:19 +0400
Subject: [PATCH] correct verify_path for Windows

Colon and backslash in names may be used on Windows to overwrite files
outside of the working directory.

Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
---
 read-cache.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/read-cache.c b/read-cache.c
index 901064b..972592e 100644
--- a/read-cache.c
+++ b/read-cache.c
@@ -701,6 +701,16 @@ inside:
 			}
 			return 0;
 		}
+#if defined(_WIN32) || defined(__CYGWIN__)
+		/*
+		 * There is a bunch of other characters that are not allowed
+		 * in Win32 API, but the following two create a security hole
+		 * by allowing to overwrite files outside of the working tree,
+		 * therefore they are explicitly prohibited.
+		 */
+		else if (c == ':' || c == '\\')
+			return 0;
+#endif
 		c = *path++;
 	}
 }
-- 
1.6.0.2.445.g1198

-- >8 --