From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Junio C Hamano <gitster@pobox.com>
Cc: "René Scharfe." <l.s.r@web.de>, "Git List" <git@vger.kernel.org>,
"Jeff King" <peff@peff.net>
Subject: Re: [PATCH] daemon: sanitize all directory separators
Date: Fri, 26 Mar 2021 15:47:14 +0100 (CET) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.2103261543550.52@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <xmqq5z1fuen6.fsf@gitster.g>
[-- Attachment #1: Type: text/plain, Size: 2275 bytes --]
Hi Junio & René,
On Thu, 25 Mar 2021, Junio C Hamano wrote:
> René Scharfe. <l.s.r@web.de> writes:
>
> > When sanitizing client-supplied strings on Windows, also strip off
> > backslashes, not just slashes.
> >
> > Signed-off-by: René Scharfe <l.s.r@web.de>
> > ---
> > daemon.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
>
> I do not know how common is it to run "git daemon" on Windows, but
> it would be nice to have at least an ack from Windows person.
Here is my ACK.
I do not have any precise numbers, of course, as we do not have any
telemetry in Git for Windows (for better or worse).
There _are_ occasional reports about something in `git daemon` not
working; Most notably, you have to turn off the sideband to make `push`
work.
> > diff --git a/daemon.c b/daemon.c
> > index 2ab7ea82eb..0561c19ee8 100644
> > --- a/daemon.c
> > +++ b/daemon.c
> > @@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host,
> >
> > /*
> > * Sanitize a string from the client so that it's OK to be inserted into a
> > - * filesystem path. Specifically, we disallow slashes, runs of "..", and
> > - * trailing and leading dots, which means that the client cannot escape
> > - * our base path via ".." traversal.
> > + * filesystem path. Specifically, we disallow directory separators, runs
> > + * of "..", and trailing and leading dots, which means that the client
> > + * cannot escape our base path via ".." traversal.
>
> Not a new problem, but "runs of '..'" confused me. If I am reading
> the code right, we disallow directory separators (by ignoring) and
> two or more '.' in a row (by squashing them into a single '.').
Indeed, the code is a bit funny in that respect. But at least it keeps us
somewhat safe: there is currently no way to break out of the directory to
the parent directory, whether with this path or not. (Phew!)
Thanks,
Dscho
>
> > */
> > static void sanitize_client(struct strbuf *out, const char *in)
> > {
> > for (; *in; in++) {
> > - if (*in == '/')
> > + if (is_dir_sep(*in))
> > continue;
> > if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
> > continue;
> > --
> > 2.30.2
>
> Thanks.
>
prev parent reply other threads:[~2021-03-26 14:48 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-25 16:21 [PATCH] daemon: sanitize all directory separators René Scharfe.
2021-03-26 4:22 ` Jeff King
[not found] ` <xmqq5z1fuen6.fsf@gitster.g>
2021-03-26 14:47 ` Johannes Schindelin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.2103261543550.52@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=l.s.r@web.de \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).