* [PATCH] daemon: sanitize all directory separators @ 2021-03-25 16:21 René Scharfe. 2021-03-26 4:22 ` Jeff King [not found] ` <xmqq5z1fuen6.fsf@gitster.g> 0 siblings, 2 replies; 3+ messages in thread From: René Scharfe. @ 2021-03-25 16:21 UTC (permalink / raw) To: Git List; +Cc: Junio C Hamano, Johannes Schindelin, Jeff King When sanitizing client-supplied strings on Windows, also strip off backslashes, not just slashes. Signed-off-by: René Scharfe <l.s.r@web.de> --- daemon.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/daemon.c b/daemon.c index 2ab7ea82eb..0561c19ee8 100644 --- a/daemon.c +++ b/daemon.c @@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host, /* * Sanitize a string from the client so that it's OK to be inserted into a - * filesystem path. Specifically, we disallow slashes, runs of "..", and - * trailing and leading dots, which means that the client cannot escape - * our base path via ".." traversal. + * filesystem path. Specifically, we disallow directory separators, runs + * of "..", and trailing and leading dots, which means that the client + * cannot escape our base path via ".." traversal. */ static void sanitize_client(struct strbuf *out, const char *in) { for (; *in; in++) { - if (*in == '/') + if (is_dir_sep(*in)) continue; if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.')) continue; -- 2.30.2 ^ permalink raw reply related [flat|nested] 3+ messages in thread
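Review bot: the comment above sanitize_client() still says the function disallows 'runs of ".."', but the dot check in the loop (`*in == '.' && (!out->len || out->buf[out->len - 1] == '.')`) skips a leading dot and any dot that directly follows another dot, so consecutive dots collapse to a single '.'. Since the comment is being reworded anyway, it could say that directly. The comment could also mention that which characters count as directory separators depends on the platform, as the "on Windows" in the commit message implies. The diffstat lists only daemon.c, so a test that feeds a backslash in a client-supplied string would help keep this from regressing.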
* Re: [PATCH] daemon: sanitize all directory separators 2021-03-25 16:21 [PATCH] daemon: sanitize all directory separators René Scharfe. @ 2021-03-26 4:22 ` Jeff King [not found] ` <xmqq5z1fuen6.fsf@gitster.g> 1 sibling, 0 replies; 3+ messages in thread From: Jeff King @ 2021-03-26 4:22 UTC (permalink / raw) To: René Scharfe.; +Cc: Git List, Junio C Hamano, Johannes Schindelin On Thu, Mar 25, 2021 at 05:21:24PM +0100, René Scharfe. wrote: > When sanitizing client-supplied strings on Windows, also strip off > backslashes, not just slashes. > [...] > static void sanitize_client(struct strbuf *out, const char *in) > { > for (; *in; in++) { > - if (*in == '/') > + if (is_dir_sep(*in)) Yeah, this seems like the obviously correct thing to be doing. -Peff ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <xmqq5z1fuen6.fsf@gitster.g>]
* Re: [PATCH] daemon: sanitize all directory separators [not found] ` <xmqq5z1fuen6.fsf@gitster.g> @ 2021-03-26 14:47 ` Johannes Schindelin 0 siblings, 0 replies; 3+ messages in thread From: Johannes Schindelin @ 2021-03-26 14:47 UTC (permalink / raw) To: Junio C Hamano; +Cc: René Scharfe., Git List, Jeff King Hi Junio & René, On Thu, 25 Mar 2021, Junio C Hamano wrote: > René Scharfe. <l.s.r@web.de> writes: > > > When sanitizing client-supplied strings on Windows, also strip off > > backslashes, not just slashes. > > > > Signed-off-by: René Scharfe <l.s.r@web.de> > > --- > > daemon.c | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > I do not know how common is it to run "git daemon" on Windows, but > it would be nice to have at least an ack from Windows person. Here is my ACK. I do not have any precise numbers, of course, as we do not have any telemetry in Git for Windows (for better or worse). There _are_ occasional reports about something in `git daemon` not working; most notably, you have to turn off the sideband to make `push` work. > > diff --git a/daemon.c b/daemon.c > > index 2ab7ea82eb..0561c19ee8 100644 > > --- a/daemon.c > > +++ b/daemon.c 
> > @@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host, > > > > /* > > * Sanitize a string from the client so that it's OK to be inserted into a > > - * filesystem path. Specifically, we disallow slashes, runs of "..", and > > - * trailing and leading dots, which means that the client cannot escape > > - * our base path via ".." traversal. > > + * filesystem path. Specifically, we disallow directory separators, runs > > + * of "..", and trailing and leading dots, which means that the client > > + * cannot escape our base path via ".." traversal. > > Not a new problem, but "runs of '..'" confused me. If I am reading > the code right, we disallow directory separators (by ignoring) and > two or more '.' in a row (by squashing them into a single '.'). Indeed, the code is a bit funny in that respect. But at least it keeps us somewhat safe: there is currently no way to break out of the directory to the parent directory, whether with this path or not. (Phew!) Thanks, Dscho > > > */ > > static void sanitize_client(struct strbuf *out, const char *in) > > { > > for (; *in; in++) { > > - if (*in == '/') > > + if (is_dir_sep(*in)) > > continue; > > if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.')) > > continue; > > -- > > 2.30.2 > > Thanks. > ^ permalink raw reply [flat|nested] 3+ messages in thread
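The behaviour discussed in this thread (separators dropped, leading dots dropped, consecutive dots collapsed), as an added example that is not part of the original messages and is not git's code. It models the loop on a fixed buffer; `sanitize_model`, `sep_posix` and `sep_windows` are hypothetical names, and the trailing-dot trim is assumed from the function's comment because that part is not shown in the hunk.

```c
#include <stdio.h>
#include <string.h>

/* Separator predicates: hypothetical stand-ins for the two builds discussed.
 * The names sep_posix/sep_windows are assumptions, not git's is_dir_sep(). */
static int sep_posix(char c)   { return c == '/'; }
static int sep_windows(char c) { return c == '/' || c == '\\'; }

/*
 * Model of the sanitizing loop from the patch, writing into a fixed buffer
 * instead of a strbuf. Returns the output length.
 */
static size_t sanitize_model(char *out, size_t cap, const char *in,
			     int (*is_sep)(char))
{
	size_t len = 0;

	for (; *in && len + 1 < cap; in++) {
		if (is_sep(*in))
			continue;	/* separators are dropped, not rejected */
		if (*in == '.' && (!len || out[len - 1] == '.'))
			continue;	/* no leading dot, no two dots in a row */
		out[len++] = *in;
	}
	/* Assumption: trailing dots are trimmed, as the comment promises;
	 * that part of the function is not visible in the hunk. */
	while (len && out[len - 1] == '.')
		len--;
	out[len] = '\0';
	return len;
}

int main(void)
{
	/* Constructed sample inputs, not taken from the thread. */
	const char *samples[] = { "example.com", "../../etc", "..\\..\\etc",
				  "a...b.", "host\\name" };
	char posix[64], win[64];

	for (size_t i = 0; i < sizeof(samples) / sizeof(*samples); i++) {
		sanitize_model(posix, sizeof(posix), samples[i], sep_posix);
		sanitize_model(win, sizeof(win), samples[i], sep_windows);
		printf("%-14s '/' only: %-12s all separators: %s\n",
		       samples[i], posix, win);
	}
	return 0;
}
```

With the '/'-only predicate a backslash is copied through, but the output still never contains two dots in a row, which matches the observation in the reply above.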