proxmox-mirrors/libgit2
1
0
Fork 0
mirror of https://git.proxmox.com/git/libgit2 synced 2025-08-04 01:16:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Small enhancements to git_prettify_dir_path().

Browse Source 
- Secured buffer ahead reading.
 - Guard against potential multiple dot path traversal (cf http://cwe.mitre.org/data/definitions/33.html)
This commit is contained in:
nulltoken 2011-01-20 19:51:34 +01:00 committed by Vicent Marti
parent e08b246cec
commit e16c2f6a4c
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/fileops.c
View File

@ -413,9 +413,13 @@ int git_prettify_dir_path(char *buffer_out, const char *path)
current++;
/* Handle the double-dot upward directory navigation */
if (*current == '.') {
if (current < buffer_end && *current == '.') {
current++;
/* Guard against potential multiple dot path traversal (cf http://cwe.mitre.org/data/definitions/33.html) */
if (*current == '.')
return GIT_ERROR;
*buffer_out ='\0';
len = retrieve_previous_path_component_start(buffer_out_start);
if (len < GIT_SUCCESS)
@ -424,7 +428,7 @@ int git_prettify_dir_path(char *buffer_out, const char *path)
buffer_out = (char *)buffer_out_start + len;
}
if (*current == '/')
if (current < buffer_end && *current == '/')
current++;
continue;

12
tests/t0005-path.c
View File

@ -47,6 +47,12 @@ BEGIN_TEST(path_prettifying)
must_pass(ensure_normalized("d1/s1///s2/..//../s3/", "d1/s3/"));
must_pass(ensure_normalized("d1/s1//../s2/../../d2", "d2/"));
must_pass(ensure_normalized("dir/sub/../", "dir/"));
must_fail(ensure_normalized("....", NULL));
must_fail(ensure_normalized("...", NULL));
must_fail(ensure_normalized("./...", NULL));
must_fail(ensure_normalized("d1/...", NULL));
must_fail(ensure_normalized("d1/.../", NULL));
must_fail(ensure_normalized("d1/.../d2", NULL));
must_pass(ensure_normalized("/", "/"));
must_pass(ensure_normalized("//", "/"));
@ -70,4 +76,10 @@ BEGIN_TEST(path_prettifying)
must_pass(ensure_normalized("/dir/s1/../s2/", "/dir/s2/"));
must_pass(ensure_normalized("/d1/s1///s2/..//../s3/", "/d1/s3/"));
must_pass(ensure_normalized("/d1/s1//../s2/../../d2", "/d2/"));
must_fail(ensure_normalized("/....", NULL));
must_fail(ensure_normalized("/...", NULL));
must_fail(ensure_normalized("/./...", NULL));
must_fail(ensure_normalized("/d1/...", NULL));
must_fail(ensure_normalized("/d1/.../", NULL));
must_fail(ensure_normalized("/d1/.../d2", NULL));
END_TEST