Re: Files with colons under Cygwin

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Giovanni Funchal" <gafunchal@gmail.com>
To: "Dmitry Potapov" <dpotapov@gmail.com>
Cc: git@vger.kernel.org, "Shawn O. Pearce" <spearce@spearce.org>
Subject: Re: Files with colons under Cygwin
Date: Sun, 5 Oct 2008 11:28:03 +0200	[thread overview]
Message-ID: <c475e2e60810050228g64a53842i7ecf8e61d37bf9bf@mail.gmail.com> (raw)
In-Reply-To: <20081004233945.GM21650@dpotapov.dyndns.org>

> Strange...  What version of Cygwin did you use?  When I tried this with
> Cygwin 1.5.25, I got the following error:
>
>  error: git checkout-index: unable to create file a:b (No medium found)

I'm on 1.5.25-15 on WinXP over a mounted network file system, but no
errors/warnings here...

Thanks for the clarifications and the patch,
-- Giovanni

On Sun, Oct 5, 2008 at 1:39 AM, Dmitry Potapov <dpotapov@gmail.com> wrote:
> On Thu, Oct 02, 2008 at 04:02:23PM +0200, Giovanni Funchal wrote:
>>
>> Cygwin does not allow files with colons, I think this is Windows stuff
>> one just can't avoid.
>
> At least, you cannot use colon in Win32 API. They say Windows "native"
> API has less restrictions over what symbols are not allowed in file
> names, but I guess it is still not allowed.
>
>> If you have files with colons in a git
>> repository and try pulling them on cygwin, the file is empty, its name
>> is truncated and the status is wrong.
>>
>> linux $ date > a:b
>> linux $ git init
>> linux $ git add a:b
>> linux $ git commit -m test
>> linux $ git push
>> cygwin $ git pull
>
> Strange...  What version of Cygwin did you use?  When I tried this with
> Cygwin 1.5.25, I got the following error:
>
>  error: git checkout-index: unable to create file a:b (No medium found)
>
> Apparently, Git tried to create 'b' file on the drive 'a', and creating
> files outside of the working tree is not a very good thing to do from
> the security point of view, as it can easily overwrite anything in
> c:/windows/.
>
> So, here is a patch. It basically disallow backslashes and colons in
> file names on Windows (whether it is MinGW or Cygwin).
>
> I wonder if the problem exists on Mac OS X too. From what I heard, it
> does not treat ':' as a normal symbol. But I have no access to Mac OS X,
> so here is a patch for Windows only.
>
> -- >8 --
> From: Dmitry Potapov <dpotapov@gmail.com>
> Date: Sat, 4 Oct 2008 22:57:19 +0400
> Subject: [PATCH] correct verify_path for Windows
>
> Colon and backslash in names may be used on Windows to overwrite files
> outside of the working directory.
>
> Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
> ---
>  read-cache.c |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)
>
> diff --git a/read-cache.c b/read-cache.c
> index 901064b..972592e 100644
> --- a/read-cache.c
> +++ b/read-cache.c
> @@ -701,6 +701,16 @@ inside:
>                        }
>                        return 0;
>                }
> +#if defined(_WIN32) || defined(__CYGWIN__)
> +               /*
> +                * There is a bunch of other characters that are not allowed
> +                * in Win32 API, but the following two create a security hole
> +                * by allowing to overwrite files outside of the working tree,
> +                * therefore they are explicitly prohibited.
> +                */
> +               else if (c == ':' || c == '\\')
> +                       return 0;
> +#endif
>                c = *path++;
>        }
>  }
> --
> 1.6.0.2.445.g1198
>
> -- >8 --
>

next prev parent reply	other threads:[~2008-10-05  9:30 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-10-02 14:02 Files with colons under Cygwin Giovanni Funchal
2008-10-04 23:39 ` Dmitry Potapov
2008-10-05  9:04   ` Alex Riesen
2008-10-05  9:14   ` Alex Riesen
2008-10-05 19:51     ` Dmitry Potapov
2008-10-05  9:28   ` Giovanni Funchal [this message]
2008-10-06  6:54   ` Johannes Sixt
2008-10-07  0:53     ` Dmitry Potapov
2008-10-07  6:13       ` Johannes Sixt
2008-10-07  2:05   ` Joshua Juran
2008-10-07  3:26     ` [PATCH v2] correct verify_path for Windows Dmitry Potapov
2008-10-07  6:18       ` Johannes Sixt
2008-10-11 16:33         ` Dmitry Potapov
2008-10-11 22:58           ` Alex Riesen
2008-10-12 13:50             ` Dmitry Potapov
2008-10-12 18:18               ` Alex Riesen
2008-10-13  6:00                 ` Johannes Sixt
2008-10-13  6:18                   ` Alex Riesen
2008-10-07  6:25       ` Alex Riesen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c475e2e60810050228g64a53842i7ecf8e61d37bf9bf@mail.gmail.com \
    --to=gafunchal@gmail.com \
    --cc=dpotapov@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=spearce@spearce.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).