From: Johannes Sixt <j.sixt@viscovery.net>
To: Junio C Hamano <gitster@pobox.com>
Cc: Johannes Schindelin <Johannes.Schindelin@gmx.de>,
Shawn Bohrer <shawn.bohrer@gmail.com>,
git@vger.kernel.org
Subject: Re: [RFH/PATCH] prefix_path(): disallow absolute paths
Date: Tue, 29 Jan 2008 08:20:14 +0100 [thread overview]
Message-ID: <479ED3AE.5000403@viscovery.net> (raw)
In-Reply-To: <7vwspts9vj.fsf@gitster.siamese.dyndns.org>
Junio C Hamano schrieb:
> +static int sanitary_path_copy(char *dst, const char *src)
> {
> - const char *orig = path;
> + char *dst0 = dst;
> +
> + if (*src == '/') {
> + *dst++ = '/';
> + while (*src == '/')
> + src++;
> + }
Advance notice: In this function, tests of the kind *src == '/' need to be
turned into is_dir_sep(*src) when we port to Windows.
> + /* copy up to the next '/', and eat all '/' */
> + while ((c = *src++) != '\0' && c != '/')
> + *dst++ = c;
> if (c == '/') {
> - path += 2;
> - continue;
> - }
> - if (c != '.')
> + *dst++ = c;
*dst++ = '/';
will be needed on Windows to sanitize all is_dir_sep(c) to '/'.
> + while (c == '/')
> + c = *src++;
> + src--;
> + } else if (!c)
> break;
...
> +const char *prefix_path(const char *prefix, int len, const char *path)
> +{
> + const char *orig = path;
> + char *sanitized = xmalloc(len + strlen(path) + 1);
> + if (*orig == '/')
if (is_absolute_path(*orig))
> + strcpy(sanitized, path);
> + else {
> + if (len)
> + memcpy(sanitized, prefix, len);
> + strcpy(sanitized + len, path);
> }
> - return path;
> + if (sanitary_path_copy(sanitized, sanitized))
> + goto error_out;
> + if (*orig == '/') {
Ditto.
> + const char *work_tree = get_git_work_tree();
> + size_t len = strlen(work_tree);
> + if (strncmp(sanitized, work_tree, len) ||
> + (sanitized[len] != '\0' && sanitized[len] != '/')) {
> + error_out:
> + error("'%s' is outside repository", orig);
> + free(sanitized);
> + return NULL;
> + }
> + }
> + return sanitized;
> }
I appreciate this new sanitary_copy_path() because I expect that we will
need at least one less #ifdef __MINGW32__/#endif compared to our current
Windows port.
-- Hannes
next prev parent reply other threads:[~2008-01-29 7:20 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-23 15:14 git-clean buglet Johannes Sixt
2008-01-23 15:24 ` Johannes Sixt
2008-01-23 15:29 ` Johannes Schindelin
2008-01-23 15:40 ` Johannes Sixt
2008-01-27 19:55 ` [PATCH] Fix off by one error in prep_exclude Shawn Bohrer
2008-01-27 20:44 ` Johannes Schindelin
2008-01-27 21:15 ` Shawn Bohrer
2008-01-27 22:34 ` Junio C Hamano
2008-01-28 0:34 ` Shawn Bohrer
2008-01-28 0:37 ` Shawn Bohrer
2008-01-28 11:59 ` Johannes Schindelin
2008-01-28 12:04 ` Junio C Hamano
2008-01-28 2:52 ` Junio C Hamano
2008-01-28 7:12 ` Johannes Sixt
2008-01-28 8:46 ` Junio C Hamano
2008-01-28 9:05 ` Johannes Sixt
2008-01-28 9:22 ` Junio C Hamano
2008-01-28 12:33 ` [RFH/PATCH] prefix_path(): disallow absolute paths Johannes Schindelin
2008-01-28 15:05 ` [PATCH] " Johannes Schindelin
2008-01-29 1:23 ` [RFH/PATCH] " Junio C Hamano
2008-01-29 2:03 ` Junio C Hamano
2008-01-29 2:03 ` Junio C Hamano
2008-01-29 7:02 ` Junio C Hamano
2008-01-29 8:29 ` [PATCH] setup: sanitize absolute and funny paths in get_pathspec() Junio C Hamano
2008-02-01 4:07 ` [PATCH] Make blame accept absolute paths Robin Rosenberg
2008-02-01 4:34 ` [PATCH] More test cases for sanitized path names Robin Rosenberg
2008-02-01 7:17 ` Junio C Hamano
2008-02-01 9:10 ` Robin Rosenberg
2008-02-01 10:22 ` Junio C Hamano
2008-02-01 10:51 ` Junio C Hamano
2008-02-01 11:10 ` Junio C Hamano
2008-02-01 14:17 ` Robin Rosenberg
2008-02-01 17:45 ` Junio C Hamano
2008-02-01 9:16 ` Karl Hasselström
2008-02-01 9:50 ` [PATCH for post 1.5.4] Sane use of test_expect_failure Junio C Hamano
2008-02-02 10:06 ` [PATCH] " Junio C Hamano
2008-03-07 8:23 ` [PATCH] More test cases for sanitized path names Junio C Hamano
2008-03-07 15:24 ` Robin Rosenberg
2008-01-29 2:37 ` [RFH/PATCH] prefix_path(): disallow absolute paths Johannes Schindelin
2008-01-29 2:45 ` Junio C Hamano
2008-01-29 2:59 ` Johannes Schindelin
2008-01-29 7:20 ` Johannes Sixt [this message]
2008-01-29 7:28 ` Junio C Hamano
2008-01-29 7:43 ` Johannes Sixt
2008-01-29 8:31 ` Junio C Hamano
2008-01-29 21:53 ` しらいしななこ
2008-01-30 0:43 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=479ED3AE.5000403@viscovery.net \
--to=j.sixt@viscovery.net \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=shawn.bohrer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).