From: Brandon Williams <bmwill@google.com>
To: git@vger.kernel.org
Cc: Brandon Williams <bmwill@google.com>
Subject: [PATCH 2/2] submodule: munge paths to submodule git directories
Date: Wed, 8 Aug 2018 15:33:23 -0700 [thread overview]
Message-ID: <20180808223323.79989-3-bmwill@google.com> (raw)
In-Reply-To: <20180808223323.79989-1-bmwill@google.com>
Commit 0383bbb901 (submodule-config: verify submodule names as paths,
2018-04-30) introduced some checks to ensure that submodule names don't
include directory traversal components (e.g. "../").
This addresses the vulnerability identified in 0383bbb901 but the root
cause is that we use submodule names to construct paths to the
submodule's git directory. What we really should do is munge the
submodule name before using it to construct a path.
Teach "submodule_name_to_gitdir()" to munge a submodule's name (by url
encoding it) before using it to build a path to the submodule's gitdir.
Signed-off-by: Brandon Williams <bmwill@google.com>
---
submodule.c | 14 ++++++++++++++
t/t7400-submodule-basic.sh | 32 +++++++++++++++++++++++++++++++-
t/t7406-submodule-update.sh | 21 ++++++---------------
3 files changed, 51 insertions(+), 16 deletions(-)
diff --git a/submodule.c b/submodule.c
index 24eced34e7..4854d88ce8 100644
--- a/submodule.c
+++ b/submodule.c
@@ -1965,6 +1965,20 @@ int submodule_to_gitdir(struct strbuf *buf, const char *submodule)
void submodule_name_to_gitdir(struct strbuf *buf, struct repository *r,
const char *submodule_name)
{
+ size_t modules_len;
+
strbuf_git_common_path(buf, r, "modules/");
+ modules_len = buf->len;
strbuf_addstr(buf, submodule_name);
+
+ /*
+ * If the submodule gitdir already exists using the old-fashioned
+ * location (which uses the submodule name as-is, without munging it)
+ * then return that.
+ */
+ if (!access(buf->buf, F_OK))
+ return;
+
+ strbuf_setlen(buf, modules_len);
+ strbuf_addstr_urlencode(buf, submodule_name, 1);
}
diff --git a/t/t7400-submodule-basic.sh b/t/t7400-submodule-basic.sh
index 2c2c97e144..963693332c 100755
--- a/t/t7400-submodule-basic.sh
+++ b/t/t7400-submodule-basic.sh
@@ -933,7 +933,7 @@ test_expect_success 'recursive relative submodules stay relative' '
cd clone2 &&
git submodule update --init --recursive &&
echo "gitdir: ../.git/modules/sub3" >./sub3/.git_expect &&
- echo "gitdir: ../../../.git/modules/sub3/modules/dirdir/subsub" >./sub3/dirdir/subsub/.git_expect
+ echo "gitdir: ../../../.git/modules/sub3/modules/dirdir%2fsubsub" >./sub3/dirdir/subsub/.git_expect
) &&
test_cmp clone2/sub3/.git_expect clone2/sub3/.git &&
test_cmp clone2/sub3/dirdir/subsub/.git_expect clone2/sub3/dirdir/subsub/.git
@@ -1324,4 +1324,34 @@ test_expect_success 'recursive clone respects -q' '
test_must_be_empty actual
'
+test_expect_success 'resolve submodule gitdir in superprojects modules directory' '
+ test_when_finished "rm -rf superproject submodule" &&
+
+ # Create a superproject with a submodule which contains a "/"
+ test_create_repo submodule &&
+ test_commit -C submodule one &&
+ test_create_repo superproject &&
+ git -C superproject submodule add ../submodule sub/module &&
+ git -C superproject commit -m "add submodule" &&
+
+ # "/" characters in submodule names are properly urlencoded before
+ # being used to construct a path to the submodules gitdir.
+ cat >expect <<-EOF &&
+ $(git -C superproject rev-parse --git-common-dir)/modules/sub%2fmodule
+ EOF
+ git -C superproject submodule--helper gitdir "sub/module" >actual &&
+ test_cmp expect actual &&
+ test_path_is_dir "superproject/.git/modules/sub%2fmodule" &&
+
+ # Test the old-fashioned way of storing submodules in the
+ # "modules" directory by directly renaming the submodules gitdir
+ mkdir superproject/.git/modules/sub/ &&
+ mv superproject/.git/modules/sub%2fmodule superproject/.git/modules/sub/module &&
+ cat >expect <<-EOF &&
+ $(git -C superproject rev-parse --git-common-dir)/modules/sub/module
+ EOF
+ git -C superproject submodule--helper gitdir "sub/module" >actual &&
+ test_cmp expect actual
+'
+
test_done
diff --git a/t/t7406-submodule-update.sh b/t/t7406-submodule-update.sh
index f604ef7a72..fb744c5c39 100755
--- a/t/t7406-submodule-update.sh
+++ b/t/t7406-submodule-update.sh
@@ -777,12 +777,8 @@ test_expect_success 'submodule add places git-dir in superprojects git-dir' '
(cd super &&
mkdir deeper &&
git submodule add ../submodule deeper/submodule &&
- (cd deeper/submodule &&
- git log > ../../expected
- ) &&
- (cd .git/modules/deeper/submodule &&
- git log > ../../../../actual
- ) &&
+ git -C deeper/submodule log >expected &&
+ git -C .git/modules/deeper%2fsubmodule log >actual &&
test_cmp actual expected
)
'
@@ -795,12 +791,9 @@ test_expect_success 'submodule update places git-dir in superprojects git-dir' '
(cd super2 &&
git submodule init deeper/submodule &&
git submodule update &&
- (cd deeper/submodule &&
- git log > ../../expected
- ) &&
- (cd .git/modules/deeper/submodule &&
- git log > ../../../../actual
- ) &&
+
+ git -C deeper/submodule log >expected &&
+ git -C .git/modules/deeper%2fsubmodule log >actual &&
test_cmp actual expected
)
'
@@ -815,9 +808,7 @@ test_expect_success 'submodule add places git-dir in superprojects git-dir recur
git commit -m "added subsubmodule" &&
git push origin :
) &&
- (cd .git/modules/deeper/submodule/modules/subsubmodule &&
- git log > ../../../../../actual
- ) &&
+ git -C .git/modules/deeper%2fsubmodule/modules/subsubmodule log >actual &&
git add deeper/submodule &&
git commit -m "update submodule" &&
git push origin : &&
--
2.18.0.597.ga71716f1ad-goog
next prev parent reply other threads:[~2018-08-08 22:33 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-07 23:06 [RFC] " Brandon Williams
2018-08-07 23:25 ` Jonathan Nieder
2018-08-08 0:14 ` Junio C Hamano
2018-08-08 22:33 ` [PATCH 0/2] munge submodule names Brandon Williams
2018-08-08 22:33 ` [PATCH 1/2] submodule: create helper to build paths to submodule gitdirs Brandon Williams
2018-08-08 23:21 ` Stefan Beller
2018-08-09 0:45 ` Brandon Williams
2018-08-10 21:27 ` Junio C Hamano
2018-08-10 21:45 ` Brandon Williams
2018-08-08 22:33 ` Brandon Williams [this message]
2018-08-09 21:26 ` [PATCH 2/2] submodule: munge paths to submodule git directories Jeff King
2018-08-14 18:04 ` Brandon Williams
2018-08-14 18:57 ` Jonathan Nieder
2018-08-14 21:08 ` Stefan Beller
2018-08-14 21:12 ` Jonathan Nieder
2018-08-14 22:34 ` Stefan Beller
2018-08-16 2:34 ` Jonathan Nieder
2018-08-16 2:39 ` Stefan Beller
2018-08-16 2:47 ` Jonathan Nieder
2018-08-16 17:34 ` Brandon Williams
2018-08-16 18:19 ` [PATCH] submodule: add config for where gitdirs are located Brandon Williams
2018-08-20 22:03 ` Junio C Hamano
2018-08-16 15:07 ` [PATCH 2/2] submodule: munge paths to submodule git directories Junio C Hamano
2018-08-14 18:58 ` Jeff King
2018-08-28 21:35 ` Stefan Beller
2018-08-29 5:25 ` Jeff King
2018-08-29 18:10 ` Stefan Beller
2018-08-29 21:03 ` Jeff King
2018-08-29 21:10 ` Stefan Beller
2018-08-29 21:18 ` Jonathan Nieder
2018-08-29 21:27 ` Stefan Beller
2018-08-29 21:30 ` Jeff King
2018-08-29 21:09 ` Jonathan Nieder
2018-08-29 21:14 ` Stefan Beller
2018-08-29 21:25 ` Brandon Williams
2018-08-29 21:32 ` Jeff King
2018-08-16 0:19 ` Aaron Schrab
2019-01-15 1:25 ` [RFC] " Jonathan Nieder
2019-01-17 17:32 ` Jeff King
2019-01-17 17:57 ` Stefan Beller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180808223323.79989-3-bmwill@google.com \
--to=bmwill@google.com \
--cc=git@vger.kernel.org \
--subject='Re: [PATCH 2/2] submodule: munge paths to submodule git directories' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
git@vger.kernel.org list mirror (unofficial, one of many)
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://public-inbox.org/git
git clone --mirror http://ou63pmih66umazou.onion/git
git clone --mirror http://czquwvybam4bgbro.onion/git
git clone --mirror http://hjrcffqmbrq6wope.onion/git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V1 git git/ https://public-inbox.org/git \
git@vger.kernel.org
public-inbox-index git
Example config snippet for mirrors.
Newsgroups are available over NNTP:
nntp://news.public-inbox.org/inbox.comp.version-control.git
nntp://7fh6tueqddpjyxjmgtdiueylzoqt6pt7hec3pukyptlmohoowvhde4yd.onion/inbox.comp.version-control.git
nntp://ie5yzdi7fg72h7s4sdcztq5evakq23rdt33mfyfcddc5u3ndnw24ogqd.onion/inbox.comp.version-control.git
nntp://4uok3hntl7oi7b4uf4rtfwefqeexfzil2w6kgk2jn5z2f764irre7byd.onion/inbox.comp.version-control.git
nntp://news.gmane.io/gmane.comp.version-control.git
note: .onion URLs require Tor: https://www.torproject.org/
code repositories for project(s) associated with this inbox:
https://80x24.org/mirrors/git.git
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git