From 4be2aa57c9b512d45b4071b71d0b93f3bf7e18d6 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Tue, 16 Feb 2016 18:50:08 +0000 Subject: [PATCH 1/4] win32: tests around handling forbidden paths Introduce a repository that contains some paths that were illegal on PC-DOS circa 1981 (like `aux`, `con`, `com1`) and that in a bizarre fit of retrocomputing, remain illegal on some "modern" computers, despite being "new technology". Introduce some aspirational tests that suggest that we should be able to cope with trees and indexes that contain paths that would be illegal on the filesystem, so that we can at least diff them. Further ensure that checkout will not write a repository with forbidden paths. --- tests/resources/win32-forbidden/.gitted/HEAD | Bin 0 -> 23 bytes .../resources/win32-forbidden/.gitted/config | Bin 0 -> 137 bytes tests/resources/win32-forbidden/.gitted/index | Bin 0 -> 577 bytes .../win32-forbidden/.gitted/info/exclude | Bin 0 -> 240 bytes .../10/68072702a28a82c78902cf5bf82c3864cf4356 | Bin 0 -> 143 bytes .../17/6a458f94e0ea5272ce67c36bf30b6be9caf623 | Bin 0 -> 28 bytes .../2d/7445a749d25269f32724aa621cb70b196bcc40 | Bin 0 -> 105 bytes .../34/96991d72d500af36edef68bbfcccd1661d88db | Bin 0 -> 143 bytes .../8f/45aad6f23b9509f8786c617e19c127ae76609a | Bin 0 -> 73 bytes .../da/623abd956bb2fd8052c708c7ed43f05d192d37 | Bin 0 -> 59 bytes .../ea/c7621a652e5261ef1c1d3e7ae31b0d84fcbaba | Bin 0 -> 137 bytes .../win32-forbidden/.gitted/refs/heads/master | Bin 0 -> 41 bytes tests/win32/forbidden.c | 183 ++++++++++++++++++ 13 files changed, 183 insertions(+) create mode 100644 tests/resources/win32-forbidden/.gitted/HEAD create mode 100644 tests/resources/win32-forbidden/.gitted/config create mode 100644 tests/resources/win32-forbidden/.gitted/index create mode 100644 tests/resources/win32-forbidden/.gitted/info/exclude create mode 100644 tests/resources/win32-forbidden/.gitted/objects/10/68072702a28a82c78902cf5bf82c3864cf4356 create mode 100644 tests/resources/win32-forbidden/.gitted/objects/17/6a458f94e0ea5272ce67c36bf30b6be9caf623 create mode 100644 tests/resources/win32-forbidden/.gitted/objects/2d/7445a749d25269f32724aa621cb70b196bcc40 create mode 100644 tests/resources/win32-forbidden/.gitted/objects/34/96991d72d500af36edef68bbfcccd1661d88db create mode 100644 tests/resources/win32-forbidden/.gitted/objects/8f/45aad6f23b9509f8786c617e19c127ae76609a create mode 100644 tests/resources/win32-forbidden/.gitted/objects/da/623abd956bb2fd8052c708c7ed43f05d192d37 create mode 100644 tests/resources/win32-forbidden/.gitted/objects/ea/c7621a652e5261ef1c1d3e7ae31b0d84fcbaba create mode 100644 tests/resources/win32-forbidden/.gitted/refs/heads/master create mode 100644 tests/win32/forbidden.c diff --git a/tests/resources/win32-forbidden/.gitted/HEAD b/tests/resources/win32-forbidden/.gitted/HEAD new file mode 100644 index 0000000000000000000000000000000000000000..cb089cd89a7d7686d284d8761201649346b5aa1c GIT binary patch literal 23 ecmXR)O|w!cN=+-)&qz&7Db~+TEG|hc;sO9;xClW2 literal 0 HcmV?d00001 diff --git a/tests/resources/win32-forbidden/.gitted/config b/tests/resources/win32-forbidden/.gitted/config new file mode 100644 index 0000000000000000000000000000000000000000..6c9406b7d9320db083eca69b3f8bee9a6c7b50d4 GIT binary patch literal 137 zcmYk#%?-jZ3KJaaM(b)IThRcka) zn6vinzTI-FENHqTG;JZL7ug4u#6zM7i5Th{J5BgE#z&9!LjG%xu(tTZ>RkRd-|~Df A#{d8T literal 0 HcmV?d00001 diff --git a/tests/resources/win32-forbidden/.gitted/index b/tests/resources/win32-forbidden/.gitted/index new file mode 100644 index 0000000000000000000000000000000000000000..1202dd9f4ae5b5246426b4b7bdc787a12af44248 GIT binary patch literal 577 zcmZ?q402{*U|<4b_OQdze}OaujAmqDU}3rwx0->WaR~zh<5!@R2oUp#XSw!IdGIQz z=v?~Y?9bfUFHe0_X5iCH&n!tSDJjZKDlJJZhL|Jy2bqSLXZjY+JiS{5F=8+@FfcPQQP4}zEJ-XWDauSLElDkA5YKY$pYq^UP|>;c z!`Yv?vtOS2rVLf-?C-~LE6Hl_)a*@v8-k8=9DnQlAy!h?94hToP-2KrJ~1&-ucV@c xq2G1YwNKVlIe%2-B-TkDR9{z?Fbir#Vrd0F6VftsQVAJRRaJ#k2>{B;WqZ3*KK=jz literal 0 HcmV?d00001 diff --git a/tests/resources/win32-forbidden/.gitted/objects/17/6a458f94e0ea5272ce67c36bf30b6be9caf623 b/tests/resources/win32-forbidden/.gitted/objects/17/6a458f94e0ea5272ce67c36bf30b6be9caf623 new file mode 100644 index 0000000000000000000000000000000000000000..ef83166706c43aabd3c68d155be9c92a23960f0f GIT binary patch literal 28 kcmb5Fkmn=FfcPQQE>M6W4M)MwRdXvroRnA$2pF_b^Z`5scR0E z_9-Ya#3!Gan5b7$QNqygy6V~|>#3YSDsmF*BoC^uD@&LKH6pRJ0-p(KnK`M1jHs%r L!l?uR{HIf1PD3w2 literal 0 HcmV?d00001 diff --git a/tests/resources/win32-forbidden/.gitted/objects/34/96991d72d500af36edef68bbfcccd1661d88db b/tests/resources/win32-forbidden/.gitted/objects/34/96991d72d500af36edef68bbfcccd1661d88db new file mode 100644 index 0000000000000000000000000000000000000000..71b6172c6f2251f9856b8aca747f384abefd1bff GIT binary patch literal 143 zcmV;A0C4|!0hNu-3IZV%gDmYHPeg?fjXLZg8AIH_4 zQ-=x7p*Qbgq6(>Inlj7KB6AuIWiH4ijKNU}7X+7z*uBTv;JUtTTj3sS-fDr_5BhDF xN9u83POj!NOhQVm?@mGXdPDv}Hc fsJ9SRioz?lFMi#hOzsp>a%59Po8VGq(58w PWV-n4LPmyA=vW?n|4-5{P)jpHIHmx(BnI=xmETB9~wSLRJ}k3 literal 0 HcmV?d00001 diff --git a/tests/resources/win32-forbidden/.gitted/refs/heads/master b/tests/resources/win32-forbidden/.gitted/refs/heads/master new file mode 100644 index 0000000000000000000000000000000000000000..47fce0fe39569818eddb5d138ebca052246eafa2 GIT binary patch literal 41 ucmV~$K>+|D2m`>sX+(5F9AVHuf_J(d?!vox=6tOvR>LAXGbw=3j4?jzS__*1 literal 0 HcmV?d00001 diff --git a/tests/win32/forbidden.c b/tests/win32/forbidden.c new file mode 100644 index 000000000..e02f41179 --- /dev/null +++ b/tests/win32/forbidden.c @@ -0,0 +1,183 @@ +#include "clar_libgit2.h" + +#include "repository.h" +#include "buffer.h" +#include "submodule.h" + +static const char *repo_name = "win32-forbidden"; +static git_repository *repo; + +void test_win32_forbidden__initialize(void) +{ + repo = cl_git_sandbox_init(repo_name); +} + +void test_win32_forbidden__cleanup(void) +{ + cl_git_sandbox_cleanup(); +} + +void test_win32_forbidden__can_open_index(void) +{ + git_index *index; + cl_git_pass(git_repository_index(&index, repo)); + cl_assert_equal_i(7, git_index_entrycount(index)); + + /* ensure we can even write the unmodified index */ + cl_git_pass(git_index_write(index)); + + git_index_free(index); +} + +void test_win32_forbidden__can_add_forbidden_filename_with_entry(void) +{ + git_index *index; + git_index_entry entry = {{0}}; + + cl_git_pass(git_repository_index(&index, repo)); + + entry.path = "aux"; + entry.mode = GIT_FILEMODE_BLOB; + git_oid_fromstr(&entry.id, "da623abd956bb2fd8052c708c7ed43f05d192d37"); + + cl_git_pass(git_index_add(index, &entry)); + + git_index_free(index); +} + +void test_win32_forbidden__cannot_add_dot_git_even_with_entry(void) +{ + git_index *index; + git_index_entry entry = {{0}}; + + cl_git_pass(git_repository_index(&index, repo)); + + entry.path = "foo/.git"; + entry.mode = GIT_FILEMODE_BLOB; + git_oid_fromstr(&entry.id, "da623abd956bb2fd8052c708c7ed43f05d192d37"); + + cl_git_fail(git_index_add(index, &entry)); + + git_index_free(index); +} + +void test_win32_forbidden__cannot_add_forbidden_filename_from_filesystem(void) +{ + git_index *index; + + /* since our function calls are very low-level, we can create `aux.`, + * but we should not be able to add it to the index + */ + cl_git_pass(git_repository_index(&index, repo)); + cl_git_write2file("win32-forbidden/aux.", "foo\n", 4, O_RDWR | O_CREAT, 0666); + +#ifdef GIT_WIN32 + cl_git_fail(git_index_add_bypath(index, "aux.")); +#else + cl_git_pass(git_index_add_bypath(index, "aux.")); +#endif + + cl_must_pass(p_unlink("win32-forbidden/aux.")); + git_index_free(index); +} + +static int dummy_submodule_cb( + git_submodule *sm, const char *name, void *payload) +{ + GIT_UNUSED(sm); + GIT_UNUSED(name); + GIT_UNUSED(payload); + return 0; +} + +void test_win32_forbidden__can_diff_tree_to_index(void) +{ + git_diff *diff; + git_tree *tree; + + cl_git_pass(git_repository_head_tree(&tree, repo)); + cl_git_pass(git_diff_tree_to_index(&diff, repo, tree, NULL, NULL)); + cl_assert_equal_i(0, git_diff_num_deltas(diff)); + git_diff_free(diff); + git_tree_free(tree); +} + +void test_win32_forbidden__can_diff_tree_to_tree(void) +{ + git_diff *diff; + git_tree *tree; + + cl_git_pass(git_repository_head_tree(&tree, repo)); + cl_git_pass(git_diff_tree_to_tree(&diff, repo, tree, tree, NULL)); + cl_assert_equal_i(0, git_diff_num_deltas(diff)); + git_diff_free(diff); + git_tree_free(tree); +} + +void test_win32_forbidden__can_diff_index_to_workdir(void) +{ + git_index *index; + git_diff *diff; + const git_diff_delta *delta; + git_tree *tree; + size_t i; + + cl_git_pass(git_repository_index(&index, repo)); + cl_git_pass(git_repository_head_tree(&tree, repo)); + cl_git_pass(git_diff_index_to_workdir(&diff, repo, index, NULL)); + + for (i = 0; i < git_diff_num_deltas(diff); i++) { + delta = git_diff_get_delta(diff, i); + cl_assert_equal_i(GIT_DELTA_DELETED, delta->status); + } + + git_diff_free(diff); + git_tree_free(tree); + git_index_free(index); +} + +void test_win32_forbidden__checking_out_forbidden_index_fails(void) +{ +#ifdef GIT_WIN32 + git_index *index; + git_checkout_options opts = GIT_CHECKOUT_OPTIONS_INIT; + git_diff *diff; + const git_diff_delta *delta; + git_tree *tree; + size_t num_deltas, i; + + opts.checkout_strategy = GIT_CHECKOUT_FORCE; + + cl_git_pass(git_repository_index(&index, repo)); + cl_git_fail(git_checkout_index(repo, index, &opts)); + + cl_git_pass(git_repository_head_tree(&tree, repo)); + cl_git_pass(git_diff_index_to_workdir(&diff, repo, index, NULL)); + + num_deltas = git_diff_num_deltas(diff); + + cl_assert(num_deltas > 0); + + for (i = 0; i < num_deltas; i++) { + delta = git_diff_get_delta(diff, i); + cl_assert_equal_i(GIT_DELTA_DELETED, delta->status); + } + + git_diff_free(diff); + git_tree_free(tree); + git_index_free(index); +#endif +} + +void test_win32_forbidden__can_query_submodules(void) +{ + cl_git_pass(git_submodule_foreach(repo, dummy_submodule_cb, NULL)); +} + +void test_win32_forbidden__can_blame_file(void) +{ + git_blame *blame; + + cl_git_pass(git_blame_file(&blame, repo, "aux", NULL)); + git_blame_free(blame); +} From a218b2f625874d9d9523f05a86845506c4735e66 Mon Sep 17 00:00:00 2001 From: Colin Xu Date: Fri, 22 Jan 2016 16:03:37 +0800 Subject: [PATCH 2/4] Validate pointer before access the member. When Git repository at network locations, sometimes git_iterator_for_tree fails at iterator__update_ignore_case so it goes to git_iterator_free. Null pointer will crash the process if not check. Signed-off-by: Colin Xu --- src/iterator.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/iterator.c b/src/iterator.c index ee348de6e..2d9ebf41d 100644 --- a/src/iterator.c +++ b/src/iterator.c @@ -558,7 +558,7 @@ static bool tree_iterator__pop_frame(tree_iterator *ti, bool final) { tree_iterator_frame *tf = ti->head; - if (!tf->up) + if (!tf || !tf->up) return false; ti->head = tf->up; @@ -581,7 +581,8 @@ static void tree_iterator__pop_all(tree_iterator *ti, bool to_end, bool final) while (tree_iterator__pop_frame(ti, final)) /* pop to root */; if (!final) { - ti->head->current = to_end ? ti->head->n_entries : 0; + if(ti->head) + ti->head->current = to_end ? ti->head->n_entries : 0; ti->path_ambiguities = 0; git_buf_clear(&ti->path); } @@ -775,7 +776,8 @@ static void tree_iterator__free(git_iterator *self) tree_iterator__pop_all(ti, true, false); - git_tree_free(ti->head->entries[0]->tree); + if(ti->head) + git_tree_free(ti->head->entries[0]->tree); git__free(ti->head); git_pool_clear(&ti->pool); git_buf_free(&ti->path); From 4fea9cffbda89562bfdcdd58b0162d31ca4feb3e Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Tue, 16 Feb 2016 13:08:55 +0000 Subject: [PATCH 3/4] iterator: assert tree_iterator has a frame Although a `tree_iterator` that failed to be properly created does not have a frame, all other `tree_iterator`s should. Do not call `pop` in the failure case, but assert that in all other cases there is a frame. --- src/iterator.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/iterator.c b/src/iterator.c index 2d9ebf41d..973f77b03 100644 --- a/src/iterator.c +++ b/src/iterator.c @@ -558,7 +558,9 @@ static bool tree_iterator__pop_frame(tree_iterator *ti, bool final) { tree_iterator_frame *tf = ti->head; - if (!tf || !tf->up) + assert(tf); + + if (!tf->up) return false; ti->head = tf->up; @@ -581,8 +583,9 @@ static void tree_iterator__pop_all(tree_iterator *ti, bool to_end, bool final) while (tree_iterator__pop_frame(ti, final)) /* pop to root */; if (!final) { - if(ti->head) - ti->head->current = to_end ? ti->head->n_entries : 0; + assert(ti->head); + + ti->head->current = to_end ? ti->head->n_entries : 0; ti->path_ambiguities = 0; git_buf_clear(&ti->path); } @@ -774,11 +777,12 @@ static void tree_iterator__free(git_iterator *self) { tree_iterator *ti = (tree_iterator *)self; - tree_iterator__pop_all(ti, true, false); - - if(ti->head) + if (ti->head) { + tree_iterator__pop_all(ti, true, false); git_tree_free(ti->head->entries[0]->tree); - git__free(ti->head); + git__free(ti->head); + } + git_pool_clear(&ti->pool); git_buf_free(&ti->path); } From 318b825e76a9dc8afefc8274c5271747ad64d5a9 Mon Sep 17 00:00:00 2001 From: Edward Thomson Date: Tue, 16 Feb 2016 17:11:46 +0000 Subject: [PATCH 4/4] index: allow read of index w/ illegal entries Allow `git_index_read` to handle reading existing indexes with illegal entries. Allow the low-level `git_index_add` to add properly formed `git_index_entry`s even if they contain paths that would be illegal for the current filesystem (eg, `AUX`). Continue to disallow `git_index_add_bypath` from adding entries that are illegal universally illegal (eg, `.git`, `foo/../bar`). --- src/checkout.c | 2 +- src/index.c | 32 +++++++++++++++++++++++--------- src/path.c | 7 ++++++- src/path.h | 18 ++++++++++++++---- src/refdb_fs.c | 4 ++-- tests/path/core.c | 12 ++++++------ 6 files changed, 52 insertions(+), 23 deletions(-) diff --git a/src/checkout.c b/src/checkout.c index a92ad0825..07b6bd633 100644 --- a/src/checkout.c +++ b/src/checkout.c @@ -1226,7 +1226,7 @@ static int checkout_verify_paths( int action, git_diff_delta *delta) { - unsigned int flags = GIT_PATH_REJECT_DEFAULTS | GIT_PATH_REJECT_DOT_GIT; + unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS; if (action & CHECKOUT_ACTION__REMOVE) { if (!git_path_isvalid(repo, delta->old_file.path, flags)) { diff --git a/src/index.c b/src/index.c index 5c7bd90dd..5728008aa 100644 --- a/src/index.c +++ b/src/index.c @@ -891,17 +891,31 @@ static void index_entry_adjust_namemask( entry->flags |= GIT_IDXENTRY_NAMEMASK; } +/* When `from_workdir` is true, we will validate the paths to avoid placing + * paths that are invalid for the working directory on the current filesystem + * (eg, on Windows, we will disallow `GIT~1`, `AUX`, `COM1`, etc). This + * function will *always* prevent `.git` and directory traversal `../` from + * being added to the index. + */ static int index_entry_create( git_index_entry **out, git_repository *repo, - const char *path) + const char *path, + bool from_workdir) { size_t pathlen = strlen(path), alloclen; struct entry_internal *entry; + unsigned int path_valid_flags = GIT_PATH_REJECT_INDEX_DEFAULTS; - if (!git_path_isvalid(repo, path, - GIT_PATH_REJECT_DEFAULTS | GIT_PATH_REJECT_DOT_GIT)) { - giterr_set(GITERR_INDEX, "Invalid path: '%s'", path); + /* always reject placing `.git` in the index and directory traversal. + * when requested, disallow platform-specific filenames and upgrade to + * the platform-specific `.git` tests (eg, `git~1`, etc). + */ + if (from_workdir) + path_valid_flags |= GIT_PATH_REJECT_WORKDIR_DEFAULTS; + + if (!git_path_isvalid(repo, path, path_valid_flags)) { + giterr_set(GITERR_INDEX, "invalid path: '%s'", path); return -1; } @@ -933,7 +947,7 @@ static int index_entry_init( "Could not initialize index entry. " "Index is not backed up by an existing repository."); - if (index_entry_create(&entry, INDEX_OWNER(index), rel_path) < 0) + if (index_entry_create(&entry, INDEX_OWNER(index), rel_path, true) < 0) return -1; /* write the blob to disk and get the oid and stat info */ @@ -1013,7 +1027,7 @@ static int index_entry_dup( git_index *index, const git_index_entry *src) { - if (index_entry_create(out, INDEX_OWNER(index), src->path) < 0) + if (index_entry_create(out, INDEX_OWNER(index), src->path, false) < 0) return -1; index_entry_cpy(*out, src); @@ -1035,7 +1049,7 @@ static int index_entry_dup_nocache( git_index *index, const git_index_entry *src) { - if (index_entry_create(out, INDEX_OWNER(index), src->path) < 0) + if (index_entry_create(out, INDEX_OWNER(index), src->path, false) < 0) return -1; index_entry_cpy_nocache(*out, src); @@ -1447,7 +1461,7 @@ static int add_repo_as_submodule(git_index_entry **out, git_index *index, const struct stat st; int error; - if (index_entry_create(&entry, INDEX_OWNER(index), path) < 0) + if (index_entry_create(&entry, INDEX_OWNER(index), path, true) < 0) return -1; if ((error = git_buf_joinpath(&abspath, git_repository_workdir(repo), path)) < 0) @@ -2884,7 +2898,7 @@ static int read_tree_cb( if (git_buf_joinpath(&path, root, tentry->filename) < 0) return -1; - if (index_entry_create(&entry, INDEX_OWNER(data->index), path.ptr) < 0) + if (index_entry_create(&entry, INDEX_OWNER(data->index), path.ptr, false) < 0) return -1; entry->mode = tentry->attr; diff --git a/src/path.c b/src/path.c index 18b4f03fd..852ef576a 100644 --- a/src/path.c +++ b/src/path.c @@ -1630,9 +1630,12 @@ static bool verify_component( !verify_dotgit_ntfs(repo, component, len)) return false; + /* don't bother rerunning the `.git` test if we ran the HFS or NTFS + * specific tests, they would have already rejected `.git`. + */ if ((flags & GIT_PATH_REJECT_DOT_GIT_HFS) == 0 && (flags & GIT_PATH_REJECT_DOT_GIT_NTFS) == 0 && - (flags & GIT_PATH_REJECT_DOT_GIT) && + (flags & GIT_PATH_REJECT_DOT_GIT_LITERAL) && len == 4 && component[0] == '.' && (component[1] == 'g' || component[1] == 'G') && @@ -1649,6 +1652,8 @@ GIT_INLINE(unsigned int) dotgit_flags( { int protectHFS = 0, protectNTFS = 0; + flags |= GIT_PATH_REJECT_DOT_GIT_LITERAL; + #ifdef __APPLE__ protectHFS = 1; #endif diff --git a/src/path.h b/src/path.h index 7e156fce8..875c8cb7e 100644 --- a/src/path.h +++ b/src/path.h @@ -564,15 +564,16 @@ extern int git_path_from_url_or_path(git_buf *local_path_out, const char *url_or #define GIT_PATH_REJECT_TRAILING_COLON (1 << 6) #define GIT_PATH_REJECT_DOS_PATHS (1 << 7) #define GIT_PATH_REJECT_NT_CHARS (1 << 8) -#define GIT_PATH_REJECT_DOT_GIT_HFS (1 << 9) -#define GIT_PATH_REJECT_DOT_GIT_NTFS (1 << 10) +#define GIT_PATH_REJECT_DOT_GIT_LITERAL (1 << 9) +#define GIT_PATH_REJECT_DOT_GIT_HFS (1 << 10) +#define GIT_PATH_REJECT_DOT_GIT_NTFS (1 << 11) /* Default path safety for writing files to disk: since we use the * Win32 "File Namespace" APIs ("\\?\") we need to protect from * paths that the normal Win32 APIs would not write. */ #ifdef GIT_WIN32 -# define GIT_PATH_REJECT_DEFAULTS \ +# define GIT_PATH_REJECT_FILESYSTEM_DEFAULTS \ GIT_PATH_REJECT_TRAVERSAL | \ GIT_PATH_REJECT_BACKSLASH | \ GIT_PATH_REJECT_TRAILING_DOT | \ @@ -581,9 +582,18 @@ extern int git_path_from_url_or_path(git_buf *local_path_out, const char *url_or GIT_PATH_REJECT_DOS_PATHS | \ GIT_PATH_REJECT_NT_CHARS #else -# define GIT_PATH_REJECT_DEFAULTS GIT_PATH_REJECT_TRAVERSAL +# define GIT_PATH_REJECT_FILESYSTEM_DEFAULTS \ + GIT_PATH_REJECT_TRAVERSAL #endif + /* Paths that should never be written into the working directory. */ +#define GIT_PATH_REJECT_WORKDIR_DEFAULTS \ + GIT_PATH_REJECT_FILESYSTEM_DEFAULTS | GIT_PATH_REJECT_DOT_GIT + +/* Paths that should never be written to the index. */ +#define GIT_PATH_REJECT_INDEX_DEFAULTS \ + GIT_PATH_REJECT_TRAVERSAL | GIT_PATH_REJECT_DOT_GIT + /* * Determine whether a path is a valid git path or not - this must not contain * a '.' or '..' component, or a component that is ".git" (in any case). diff --git a/src/refdb_fs.c b/src/refdb_fs.c index 85b5034d6..1348c67a1 100644 --- a/src/refdb_fs.c +++ b/src/refdb_fs.c @@ -717,7 +717,7 @@ static int loose_lock(git_filebuf *file, refdb_fs_backend *backend, const char * assert(file && backend && name); - if (!git_path_isvalid(backend->repo, name, GIT_PATH_REJECT_DEFAULTS)) { + if (!git_path_isvalid(backend->repo, name, GIT_PATH_REJECT_FILESYSTEM_DEFAULTS)) { giterr_set(GITERR_INVALID, "Invalid reference name '%s'.", name); return GIT_EINVALIDSPEC; } @@ -1672,7 +1672,7 @@ static int lock_reflog(git_filebuf *file, refdb_fs_backend *backend, const char repo = backend->repo; - if (!git_path_isvalid(backend->repo, refname, GIT_PATH_REJECT_DEFAULTS)) { + if (!git_path_isvalid(backend->repo, refname, GIT_PATH_REJECT_FILESYSTEM_DEFAULTS)) { giterr_set(GITERR_INVALID, "Invalid reference name '%s'.", refname); return GIT_EINVALIDSPEC; } diff --git a/tests/path/core.c b/tests/path/core.c index 064f1492a..3dccfe5fb 100644 --- a/tests/path/core.c +++ b/tests/path/core.c @@ -105,12 +105,12 @@ void test_path_core__isvalid_dot_git(void) cl_assert_equal_b(true, git_path_isvalid(NULL, "foo/.GIT/bar", 0)); cl_assert_equal_b(true, git_path_isvalid(NULL, "foo/bar/.Git", 0)); - cl_assert_equal_b(false, git_path_isvalid(NULL, ".git", GIT_PATH_REJECT_DOT_GIT)); - cl_assert_equal_b(false, git_path_isvalid(NULL, ".git/foo", GIT_PATH_REJECT_DOT_GIT)); - cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/.git", GIT_PATH_REJECT_DOT_GIT)); - cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/.git/bar", GIT_PATH_REJECT_DOT_GIT)); - cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/.GIT/bar", GIT_PATH_REJECT_DOT_GIT)); - cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/bar/.Git", GIT_PATH_REJECT_DOT_GIT)); + cl_assert_equal_b(false, git_path_isvalid(NULL, ".git", GIT_PATH_REJECT_DOT_GIT_LITERAL)); + cl_assert_equal_b(false, git_path_isvalid(NULL, ".git/foo", GIT_PATH_REJECT_DOT_GIT_LITERAL)); + cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/.git", GIT_PATH_REJECT_DOT_GIT_LITERAL)); + cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/.git/bar", GIT_PATH_REJECT_DOT_GIT_LITERAL)); + cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/.GIT/bar", GIT_PATH_REJECT_DOT_GIT_LITERAL)); + cl_assert_equal_b(false, git_path_isvalid(NULL, "foo/bar/.Git", GIT_PATH_REJECT_DOT_GIT_LITERAL)); cl_assert_equal_b(true, git_path_isvalid(NULL, "!git", 0)); cl_assert_equal_b(true, git_path_isvalid(NULL, "foo/!git", 0));