| Message ID | pull.1020.git.git.1620360300.gitgitgadget@gmail.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Directory traversal fixes | expand |
On 5/7/2021 12:04 AM, Elijah Newren via GitGitGadget wrote: > This patchset fixes a few directory traversal issues, where fill_directory() > would traverse into directories that it shouldn't and not traverse into > directories that it should. One of these issues was reported recently on > this list[1], another was found at $DAYJOB. > > The fifth patch might have backward compatibility implications, but is easy > to review. Even if the logic in dir.c makes your eyes glaze over, at least > take a look at the fifth patch. > > Also, if anyone has any ideas about a better place to put the "Some > sidenotes" from the third commit message rather than keeping them in a > random commit message, that might be helpful too. As for your patches themselves, I can't claim to understand all the complicated details about how treat_directory() is working, but your patches are well organized and the new tests are the real proof that this is working as intended. Thanks for the attention to detail here. -Stolee
This patchset fixes a few directory traversal issues, where fill_directory() would traverse into directories that it shouldn't and not traverse into directories that it should. One of these issues was reported recently on this list[1], another was found at $DAYJOB. The fifth patch might have backward compatibility implications, but is easy to review. Even if the logic in dir.c makes your eyes glaze over, at least take a look at the fifth patch. Also, if anyone has any ideas about a better place to put the "Some sidenotes" from the third commit message rather than keeping them in a random commit message, that might be helpful too. [1] See https://lore.kernel.org/git/DM6PR00MB06829EC5B85E0C5AC595004E894E9@DM6PR00MB0682.namprd00.prod.outlook.com/ or alternatively https://github.com/git-for-windows/git/issues/2732. Elijah Newren (5): t7300: add testcase showing unnecessary traversal into ignored directory t3001, t7300: add testcase showcasing missed directory traversal dir: avoid unnecessary traversal into ignored directory dir: traverse into untracked directories if they may have ignored subfiles [RFC] ls-files: error out on -i unless -o or -c are specified builtin/ls-files.c | 3 ++ dir.c | 50 ++++++++++++++++--------- t/t1306-xdg-files.sh | 2 +- t/t3001-ls-files-others-exclude.sh | 5 +++ t/t3003-ls-files-exclude.sh | 4 +- t/t7300-clean.sh | 59 ++++++++++++++++++++++++++++++ 6 files changed, 103 insertions(+), 20 deletions(-) base-commit: 311531c9de557d25ac087c1637818bd2aad6eb3a Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1020%2Fnewren%2Fdirectory-traversal-fixes-v1 Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1020/newren/directory-traversal-fixes-v1 Pull-Request: https://github.com/git/git/pull/1020