* [PATCH] daemon: sanitize all directory separators
@ 2021-03-25 16:21 René Scharfe.
2021-03-26 4:22 ` Jeff King
[not found] ` <xmqq5z1fuen6.fsf@gitster.g>
0 siblings, 2 replies; 3+ messages in thread
From: René Scharfe. @ 2021-03-25 16:21 UTC (permalink / raw)
To: Git List; +Cc: Junio C Hamano, Johannes Schindelin, Jeff King
When sanitizing client-supplied strings on Windows, also strip off
backslashes, not just slashes.
Signed-off-by: René Scharfe <l.s.r@web.de>
---
daemon.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/daemon.c b/daemon.c
index 2ab7ea82eb..0561c19ee8 100644
--- a/daemon.c
+++ b/daemon.c
@@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host,
/*
* Sanitize a string from the client so that it's OK to be inserted into a
- * filesystem path. Specifically, we disallow slashes, runs of "..", and
- * trailing and leading dots, which means that the client cannot escape
- * our base path via ".." traversal.
+ * filesystem path. Specifically, we disallow directory separators, runs
+ * of "..", and trailing and leading dots, which means that the client
+ * cannot escape our base path via ".." traversal.
*/
static void sanitize_client(struct strbuf *out, const char *in)
{
for (; *in; in++) {
- if (*in == '/')
+ if (is_dir_sep(*in))
continue;
if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
continue;
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] daemon: sanitize all directory separators
2021-03-25 16:21 [PATCH] daemon: sanitize all directory separators René Scharfe.
@ 2021-03-26 4:22 ` Jeff King
[not found] ` <xmqq5z1fuen6.fsf@gitster.g>
1 sibling, 0 replies; 3+ messages in thread
From: Jeff King @ 2021-03-26 4:22 UTC (permalink / raw)
To: René Scharfe.; +Cc: Git List, Junio C Hamano, Johannes Schindelin
On Thu, Mar 25, 2021 at 05:21:24PM +0100, René Scharfe. wrote:
> When sanitizing client-supplied strings on Windows, also strip off
> backslashes, not just slashes.
> [...]
> static void sanitize_client(struct strbuf *out, const char *in)
> {
> for (; *in; in++) {
> - if (*in == '/')
> + if (is_dir_sep(*in))
Yeah, this seems like the obviously correct thing to be doing.
-Peff
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] daemon: sanitize all directory separators
[not found] ` <xmqq5z1fuen6.fsf@gitster.g>
@ 2021-03-26 14:47 ` Johannes Schindelin
0 siblings, 0 replies; 3+ messages in thread
From: Johannes Schindelin @ 2021-03-26 14:47 UTC (permalink / raw)
To: Junio C Hamano; +Cc: René Scharfe., Git List, Jeff King
[-- Attachment #1: Type: text/plain, Size: 2275 bytes --]
Hi Junio & René,
On Thu, 25 Mar 2021, Junio C Hamano wrote:
> René Scharfe. <l.s.r@web.de> writes:
>
> > When sanitizing client-supplied strings on Windows, also strip off
> > backslashes, not just slashes.
> >
> > Signed-off-by: René Scharfe <l.s.r@web.de>
> > ---
> > daemon.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
>
> I do not know how common is it to run "git daemon" on Windows, but
> it would be nice to have at least an ack from Windows person.
Here is my ACK.
I do not have any precise numbers, of course, as we do not have any
telemetry in Git for Windows (for better or worse).
There _are_ occasional reports about something in `git daemon` not
working; Most notably, you have to turn off the sideband to make `push`
work.
> > diff --git a/daemon.c b/daemon.c
> > index 2ab7ea82eb..0561c19ee8 100644
> > --- a/daemon.c
> > +++ b/daemon.c
> > @@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host,
> >
> > /*
> > * Sanitize a string from the client so that it's OK to be inserted into a
> > - * filesystem path. Specifically, we disallow slashes, runs of "..", and
> > - * trailing and leading dots, which means that the client cannot escape
> > - * our base path via ".." traversal.
> > + * filesystem path. Specifically, we disallow directory separators, runs
> > + * of "..", and trailing and leading dots, which means that the client
> > + * cannot escape our base path via ".." traversal.
>
> Not a new problem, but "runs of '..'" confused me. If I am reading
> the code right, we disallow directory separators (by ignoring) and
> two or more '.' in a row (by squashing them into a single '.').
Indeed, the code is a bit funny in that respect. But at least it keeps us
somewhat safe: there is currently no way to break out of the directory to
the parent directory, whether with this path or not. (Phew!)
Thanks,
Dscho
>
> > */
> > static void sanitize_client(struct strbuf *out, const char *in)
> > {
> > for (; *in; in++) {
> > - if (*in == '/')
> > + if (is_dir_sep(*in))
> > continue;
> > if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
> > continue;
> > --
> > 2.30.2
>
> Thanks.
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-03-26 14:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-25 16:21 [PATCH] daemon: sanitize all directory separators René Scharfe.
2021-03-26 4:22 ` Jeff King
[not found] ` <xmqq5z1fuen6.fsf@gitster.g>
2021-03-26 14:47 ` Johannes Schindelin
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).