rpms / git

Clone
Source Code
GIT

Files

  1.   647f522ae2be831ba189e42bf158d605867177d4
  2.   SOURCES
  3.   git-cve-2018-17456-tests.patch
Blob Blame History Raw 
From 90243e8192574f43bb84be01528504ec230d7fd3 Mon Sep 17 00:00:00 2001
From: Pavel Cahyna <pcahyna@redhat.com>
Date: Fri, 19 Oct 2018 10:55:43 +0200
Subject: [PATCH 2/2] submodule-config: ban submodule urls that start with dash
 - tests

Our tests cover two cases:

  1. A file url with "./" continues to work, showing that
     there's an escape hatch for people with truly silly
     repo names.

  2. A url starting with "-" is rejected.

Note that we expect case (2) to fail, but it would have done
so even without this commit, for the reasons given above.
So instead of just expecting failure, let's also check for
the magic word "ignoring" on stderr. That lets us know that
we failed for the right reason.

[pc: backported to 1.8.3.1 by avoiding -C in tests]

submodule-config: ban submodule paths that start with a dash - test

There are two minor differences to the tests in t7416 (that
covered urls):

  1. We don't have a "./-sub" escape hatch to make this
     work, since the submodule code expects to be able to
     match canonical index names to the path field (so you
     are free to add submodule config with that path, but we
     would never actually use it, since an index entry would
     never start with "./").

  2. After this patch, cloning actually succeeds. Since we
     ignore the submodule.*.path value, we fail to find a
     config stanza for our submodule at all, and simply
     treat it as inactive. We still check for the "ignoring"
     message.

[jn:
 - the original patch expects 'git clone' to succeed in
   the test because v2.13.0-rc0~10^2~3 (clone: teach
   --recurse-submodules to optionally take a pathspec,
   2017-03-17) makes 'git clone' skip invalid submodules.
   Updated the test to pass in older Git versions where the
   submodule name check makes 'git clone' fail.]

[pc:
 - avoid -C in tests
 - reimplement git mv of a submodule, git mv gained that functionality later.]

fsck: detect submodule urls starting with dash - tests

[pc: backported to 1.8.3.1 by avoiding -C in tests ]

fsck: detect submodule paths starting with dash - test

commit 1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404 upstream.

[pc: backported to 1.8.3.1 by avoiding -C in tests ]
---
 t/t7416-submodule-dash-url.sh | 49 +++++++++++++++++++++++++++++++++++++++++++
 t/t7417-submodule-path-url.sh | 32 ++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100755 t/t7416-submodule-dash-url.sh
 create mode 100755 t/t7417-submodule-path-url.sh

diff --git a/t/t7416-submodule-dash-url.sh b/t/t7416-submodule-dash-url.sh
new file mode 100755
index 000000000..e85f2e9d2
--- /dev/null
+++ b/t/t7416-submodule-dash-url.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+test_description='check handling of .gitmodule url with dash'
+. ./test-lib.sh
+
+test_expect_success 'create submodule with protected dash in url' '
+	git init upstream &&
+	( cd upstream && git commit --allow-empty -m base ) &&
+	mv upstream ./-upstream &&
+	git submodule add ./-upstream sub &&
+	git add sub .gitmodules &&
+	git commit -m submodule
+'
+
+test_expect_success 'clone can recurse submodule' '
+	test_when_finished "rm -rf dst" &&
+	git clone --recurse-submodules . dst &&
+	echo base >expect &&
+	( cd dst/sub && git log -1 --format=%s ) >actual &&
+	test_cmp expect actual
+'
+
+test_expect_success 'fsck accepts protected dash' '
+	test_when_finished "rm -rf dst" &&
+	git init --bare dst &&
+	( cd dst && git config transfer.fsckObjects true ) &&
+	git push dst HEAD
+'
+
+test_expect_success 'remove ./ protection from .gitmodules url' '
+	perl -i -pe "s{\./}{}" .gitmodules &&
+	git commit -am "drop protection"
+'
+
+test_expect_success 'clone rejects unprotected dash' '
+	test_when_finished "rm -rf dst" &&
+	test_must_fail git clone --recurse-submodules . dst 2>err &&
+	test_i18ngrep "may be interpreted as a command-line option" err
+'
+
+test_expect_success 'fsck rejects unprotected dash' '
+	test_when_finished "rm -rf dst" &&
+	git init --bare dst &&
+	( cd dst && git config transfer.fsckObjects true ) &&
+	test_must_fail git push dst HEAD 2>err &&
+	test_i18ngrep "disallowed submodule url" err
+'
+
+test_done
diff --git a/t/t7417-submodule-path-url.sh b/t/t7417-submodule-path-url.sh
new file mode 100755
index 000000000..141b42a11
--- /dev/null
+++ b/t/t7417-submodule-path-url.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+test_description='check handling of .gitmodule path with dash'
+. ./test-lib.sh
+
+test_expect_success 'create submodule with dash in path' '
+	git init upstream &&
+	( cd upstream && git commit --allow-empty -m base ) &&
+	git submodule add ./upstream sub &&
+        mv -- sub -sub &&
+        git rm --cached sub &&
+        sed -i -e "/=.*sub$/s/sub/-sub/" .git/modules/sub/config &&
+        sed -i -e "/=.*sub$/s/sub/-sub/" .gitmodules &&
+        git add -- -sub .git/modules/sub/config .gitmodules &&
+	git commit -m submodule
+'
+
+test_expect_success 'clone rejects unprotected dash' '
+	test_when_finished "rm -rf dst" &&
+	test_might_fail git clone --recurse-submodules . dst 2>err &&
+	test_i18ngrep "may be interpreted as a command-line option" err
+'
+
+test_expect_success 'fsck rejects unprotected dash' '
+	test_when_finished "rm -rf dst" &&
+	git init --bare dst &&
+	( cd dst && git config transfer.fsckObjects true ) &&
+	test_must_fail git push dst HEAD 2>err &&
+	test_i18ngrep "disallowed submodule path" err
+'
+
+test_done
-- 
2.14.4

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation