Merge pull request #1084 from libgit2/filename-validation

Filename validation
author: Vicent Martí <vicent@github.com> 2012-11-18 17:19:20 -0800
committer: Vicent Martí <vicent@github.com> 2012-11-18 17:19:20 -0800
commit: 560cc1e1ed0fb29679c32434490446bb6fd5dc17 (patch)
tree: 66b2cef0220d13f6543f1b0e3a2d56e42e759f43 /src/tree.c
parent: 629c08293051e9828f2ca3517d2659728647c2cd (diff)
parent: 1876360f813da8e6aba763baded5dcb004d9999c (diff)
download: libgit2-560cc1e1ed0fb29679c32434490446bb6fd5dc17.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/tree.c b/src/tree.c
index 7b47af347..6f9838880 100644
--- a/src/tree.c
+++ b/src/tree.c
@@ -26,7 +26,9 @@ static bool valid_filemode(const int filemode)
 
 static int valid_entry_name(const char *filename)
 {
-	return *filename != '\0' && strchr(filename, '/') == NULL;
+	return *filename != '\0' && strchr(filename, '/') == NULL &&
+		strcmp(filename, "..") != 0 && strcmp(filename, ".") != 0 &&
+		strcmp(filename, ".git") != 0;
 }
 
 static int entry_sort_cmp(const void *a, const void *b)
@@ -372,6 +374,9 @@ static int append_entry(
 {
 	git_tree_entry *entry;
 
+	if (!valid_entry_name(filename))
+		return tree_error("Failed to insert entry. Invalid name for a tree entry");
+
 	entry = alloc_entry(filename);
 	GITERR_CHECK_ALLOC(entry);
author	Vicent Martí <vicent@github.com>	2012-11-18 17:19:20 -0800
committer	Vicent Martí <vicent@github.com>	2012-11-18 17:19:20 -0800
commit	560cc1e1ed0fb29679c32434490446bb6fd5dc17 (patch)
tree	66b2cef0220d13f6543f1b0e3a2d56e42e759f43 /src/tree.c
parent	629c08293051e9828f2ca3517d2659728647c2cd (diff)
parent	1876360f813da8e6aba763baded5dcb004d9999c (diff)
download	libgit2-560cc1e1ed0fb29679c32434490446bb6fd5dc17.tar.gz