diff options
author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2023-02-06 09:25:56 +0100 |
---|---|---|
committer | Johannes Schindelin <johannes.schindelin@gmx.de> | 2023-02-06 09:25:56 +0100 |
commit | 87248c5933891f20e47ce8153530b8ad76f53098 (patch) | |
tree | 977c8a030c7536d97981643a98a0a5187d951b2c /apply.c | |
parent | 25d7cb600c0e81d553ab2937f459dbc19b9e2d34 (diff) | |
parent | 2aedeff35fde779b03b57125b1f50f6c528bfbea (diff) | |
download | git-87248c5933891f20e47ce8153530b8ad76f53098.tar.gz |
Sync with 2.32.6
* maint-2.32:
Git 2.32.6
Git 2.31.7
Git 2.30.8
apply: fix writing behind newly created symbolic links
dir-iterator: prevent top-level symlinks without FOLLOW_SYMLINKS
clone: delay picking a transport until after get_repo_path()
t5619: demonstrate clone_local() with ambiguous transport
Diffstat (limited to 'apply.c')
-rw-r--r-- | apply.c | 27 |
1 files changed, 27 insertions, 0 deletions
@@ -4424,6 +4424,33 @@ static int create_one_file(struct apply_state *state, if (state->cached) return 0; + /* + * We already try to detect whether files are beyond a symlink in our + * up-front checks. But in the case where symlinks are created by any + * of the intermediate hunks it can happen that our up-front checks + * didn't yet see the symlink, but at the point of arriving here there + * in fact is one. We thus repeat the check for symlinks here. + * + * Note that this does not make the up-front check obsolete as the + * failure mode is different: + * + * - The up-front checks cause us to abort before we have written + * anything into the working directory. So when we exit this way the + * working directory remains clean. + * + * - The checks here happen in the middle of the action where we have + * already started to apply the patch. The end result will be a dirty + * working directory. + * + * Ideally, we should update the up-front checks to catch what would + * happen when we apply the patch before we damage the working tree. + * We have all the information necessary to do so. But for now, as a + * part of embargoed security work, having this check would serve as a + * reasonable first step. + */ + if (path_is_beyond_symlink(state, path)) + return error(_("affected file '%s' is beyond a symbolic link"), path); + res = try_create_file(state, path, mode, buf, size); if (res < 0) return -1; |