proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-05-06 23:26:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed a parsing issue in git_prettify_dir_path().

Browse Source
This commit is contained in:
nulltoken 2011-01-22 14:04:32 +01:00 committed by Vicent Marti
parent b29e8f1930
commit ae7ffea961
2 changed files with 50 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/fileops.c
View File

@ -394,8 +394,9 @@ static int retrieve_previous_path_component_start(const char *path)
int git_prettify_dir_path(char *buffer_out, const char *path) int git_prettify_dir_path(char *buffer_out, const char *path)
{ {
int len = 0; int len = 0;
char *current; char *current, *end;
const char *buffer_out_start, *buffer_end; const char *buffer_out_start, *buffer_end;
int only_dots;
buffer_out_start = buffer_out; buffer_out_start = buffer_out;
current = (char *)path; current = (char *)path;
@ -408,39 +409,51 @@ int git_prettify_dir_path(char *buffer_out, const char *path)
continue; continue;
} }
end = current;
only_dots = 1;
/* Seek end of path segment */
while (end < buffer_end && *end !='/')
{
only_dots &= (*end == '.');
end++;
}
/* Skip current directory */ /* Skip current directory */
if (*current == '.') { if (only_dots && end == current + 1)
current++; {
current += 2;
continue;
}
/* Handle the double-dot upward directory navigation */ /* Handle the double-dot upward directory navigation */
if (current < buffer_end && *current == '.') { if (only_dots && end == current + 2)
current++; {
/* Guard against potential multiple dot path traversal (cf http://cwe.mitre.org/data/definitions/33.html) */
if (*current == '.')
return GIT_ERROR;
*buffer_out ='\0'; *buffer_out ='\0';
len = retrieve_previous_path_component_start(buffer_out_start); len = retrieve_previous_path_component_start(buffer_out_start);
if (len < GIT_SUCCESS) if (len < GIT_SUCCESS)
return GIT_ERROR; return GIT_ERROR;
buffer_out = (char *)buffer_out_start + len; buffer_out = (char *)buffer_out_start + len;
}
if (current < buffer_end && *current == '/')
current++;
current += 3;
continue; continue;
} }
/* Guard against potential multiple dot path traversal (cf http://cwe.mitre.org/data/definitions/33.html) */
if (only_dots && end > current)
return GIT_ERROR;
/* Copy to output the path segment */
while (current < end)
{
*buffer_out++ = *current++; *buffer_out++ = *current++;
len++; len++;
} }
/* Add a trailing slash if required */
if (len > 0 && buffer_out_start[len-1] != '/')
*buffer_out++ = '/'; *buffer_out++ = '/';
len++;
}
*buffer_out = '\0'; *buffer_out = '\0';

8
tests/t0005-path.c
View File

@ -20,6 +20,10 @@ static int ensure_normalized(const char *input_path, const char *expected_path)
} }
BEGIN_TEST(path_prettifying) BEGIN_TEST(path_prettifying)
must_pass(ensure_normalized("./testrepo.git", "testrepo.git/"));
must_pass(ensure_normalized("./.git", ".git/"));
must_pass(ensure_normalized("./git.", "git./"));
must_pass(ensure_normalized("git./", "git./"));
must_pass(ensure_normalized("", "")); must_pass(ensure_normalized("", ""));
must_pass(ensure_normalized(".", "")); must_pass(ensure_normalized(".", ""));
must_pass(ensure_normalized("./", "")); must_pass(ensure_normalized("./", ""));
@ -54,6 +58,10 @@ BEGIN_TEST(path_prettifying)
must_fail(ensure_normalized("d1/.../", NULL)); must_fail(ensure_normalized("d1/.../", NULL));
must_fail(ensure_normalized("d1/.../d2", NULL)); must_fail(ensure_normalized("d1/.../d2", NULL));
must_pass(ensure_normalized("/./testrepo.git", "/testrepo.git/"));
must_pass(ensure_normalized("/./.git", "/.git/"));
must_pass(ensure_normalized("/./git.", "/git./"));
must_pass(ensure_normalized("/git./", "/git./"));
must_pass(ensure_normalized("/", "/")); must_pass(ensure_normalized("/", "/"));
must_pass(ensure_normalized("//", "/")); must_pass(ensure_normalized("//", "/"));
must_pass(ensure_normalized("///", "/")); must_pass(ensure_normalized("///", "/"));