From 0ef46f48d7c8563d6f8081b0c83938812f820622 Mon Sep 17 00:00:00 2001 From: Elijah Newren Date: Sat, 23 Nov 2024 20:02:16 -0800 Subject: [PATCH] fast-import: disallow "." and ".." path components If a user specified e.g. M 100644 :1 ../some-file then fast-import previously would happily create a git history where there is a tree in the top-level directory named "..", and with a file inside that directory named "some-file". The top-level ".." directory causes problems. While git checkout will die with errors and fsck will report hasDotdot problems, the user is going to have problems trying to remove the problematic file. Simply avoid creating this bad history in the first place. Signed-off-by: Elijah Newren --- builtin/fast-import.c | 3 +++ t/t9300-fast-import.sh | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/builtin/fast-import.c b/builtin/fast-import.c index 76d5c20f141f42..e0e0ca3657a681 100644 --- a/builtin/fast-import.c +++ b/builtin/fast-import.c @@ -1466,6 +1466,9 @@ static int tree_content_set( root->tree = t = grow_tree_content(t, t->entry_count); e = new_tree_entry(); e->name = to_atom(p, n); + if (!strcmp(e->name->str_dat, ".") || !strcmp(e->name->str_dat, "..")) { + die("path %s contains invalid component", p); + } e->versions[0].mode = 0; oidclr(&e->versions[0].oid, the_repository->hash_algo); t->entries[t->entry_count++] = e; diff --git a/t/t9300-fast-import.sh b/t/t9300-fast-import.sh index 6224f54d4d26ce..caf3dc003a028b 100755 --- a/t/t9300-fast-import.sh +++ b/t/t9300-fast-import.sh @@ -522,6 +522,26 @@ test_expect_success 'B: fail on invalid committer (5)' ' test_must_fail git fast-import input <<-INPUT_END && + blob + mark :1 + data < $GIT_COMMITTER_DATE + data <