Skip to content
Permalink
Browse files Browse the repository at this point in the history
Protect against 8.3 "short name" attacks also on Linux/macOS
The Windows Subsystem for Linux (WSL) is getting increasingly popular,
in particular because it makes it _so_ easy to run Linux software on
Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to
`/mnt/c/`, no need to set that up manually).

Unfortunately, files/directories on the Windows drives can be accessed
via their _short names_, if that feature is enabled (which it is on the
`C:` drive by default).

Which means that we have to safeguard even our Linux users against the
short name attacks.

Further, while the default options of CIFS/SMB-mounts seem to disallow
accessing files on network shares via their short names on Linux/macOS,
it _is_ possible to do so with the right options.

So let's just safe-guard against short name attacks _everywhere_.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
  • Loading branch information
dscho authored and ethomson committed Dec 10, 2019
1 parent d29d4de commit 64c612c
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/checkout.c
Expand Up @@ -1271,7 +1271,7 @@ static int checkout_verify_paths(
int action,
git_diff_delta *delta)
{
unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS;
unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS | GIT_PATH_REJECT_DOT_GIT_NTFS;

if (action & CHECKOUT_ACTION__REMOVE) {
if (!git_path_isvalid(repo, delta->old_file.path, delta->old_file.mode, flags)) {
Expand Down
3 changes: 1 addition & 2 deletions tests/checkout/nasty.c
Expand Up @@ -206,9 +206,8 @@ void test_checkout_nasty__dot_git_dot(void)
*/
void test_checkout_nasty__git_tilde1(void)
{
#ifdef GIT_WIN32
test_checkout_fails("refs/heads/git_tilde1", ".git/foobar");
#endif
test_checkout_fails("refs/heads/git_tilde1", "git~1/foobar");
}

/* A tree that contains an entry "git~2", when we have forced the short
Expand Down

0 comments on commit 64c612c

Please sign in to comment.