In some situations run-command will incorrectly try (and fail) to
execute a directory instead of an executable file. This was observed by
having a directory called "ssh" in $PATH before the real ssh and trying
to use ssh protoccol, reslting in the following:
$ git ls-remote ssh://url
fatal: cannot exec 'ssh': Permission denied
It ends up being worse and run-command will even try to execute a
non-executable file if it preceeds the executable version of a file on
the PATH. For example, if PATH=~/bin1:~/bin2:~/bin3 and there exists a
directory 'git-hello' in 'bin1', a non-executable file 'git-hello' in
bin2 and an executable file 'git-hello' (which prints "Hello World!") in
bin3 the following will occur:
$ git hello
fatal: cannot exec 'git-hello': Permission denied
This is due to only checking 'access()' when locating an executable in
PATH, which doesn't distinguish between files and directories. Instead
use 'is_executable()' which check that the path is to a regular,
executable file. Now run-command won't try to execute the directory or
non-executable file 'git-hello':
$ git hello
Hello World!
This matches what 'execvp()' would have done with a request to execute
'git-hello' with such a $PATH.
Reported-by: Brian Hatfield <bhatfield@xxxxxxxxxx>
Signed-off-by: Brandon Williams <bmwill@xxxxxxxxxx>
---
This [2/2] patch has the exact same diff as v8, the only difference is to the
commit message per Junio's request to add an explanation for why this
particular behavior is desirable (because it matches what execvp() does).
I didn't resend out [1/2] of this fixup because it is identical to the v8
version.
run-command.c | 19 ++++++++++++++++++-
t/t0061-run-command.sh | 30 ++++++++++++++++++++++++++++++
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/run-command.c b/run-command.c
index 2ffbd7e67..9e36151bf 100644
--- a/run-command.c
+++ b/run-command.c
@@ -159,6 +159,23 @@ int is_executable(const char *name)
return st.st_mode & S_IXUSR;
}
+/*
+ * Search $PATH for a command. This emulates the path search that
+ * execvp would perform, without actually executing the command so it
+ * can be used before fork() to prepare to run a command using
+ * execve() or after execvp() to diagnose why it failed.
+ *
+ * The caller should ensure that file contains no directory
+ * separators.
+ *
+ * Returns the path to the command, as found in $PATH or NULL if the
+ * command could not be found. The caller inherits ownership of the memory
+ * used to store the resultant path.
+ *
+ * This should not be used on Windows, where the $PATH search rules
+ * are more complicated (e.g., a search for "foo" should find
+ * "foo.exe").
+ */
static char *locate_in_PATH(const char *file)
{
const char *p = getenv("PATH");
@@ -179,7 +196,7 @@ static char *locate_in_PATH(const char *file)
}
strbuf_addstr(&buf, file);
- if (!access(buf.buf, F_OK))
+ if (is_executable(buf.buf))
return strbuf_detach(&buf, NULL);
if (!*end)
diff --git a/t/t0061-run-command.sh b/t/t0061-run-command.sh
index 98c09dd98..e4739170a 100755
--- a/t/t0061-run-command.sh
+++ b/t/t0061-run-command.sh
@@ -37,6 +37,36 @@ test_expect_success !MINGW 'run_command can run a script without a #! line' '
test_cmp empty err
'
+test_expect_success 'run_command does not try to execute a directory' '
+ test_when_finished "rm -rf bin1 bin2" &&
+ mkdir -p bin1/greet bin2 &&
+ write_script bin2/greet <<-\EOF &&
+ cat bin2/greet
+ EOF
+
+ PATH=$PWD/bin1:$PWD/bin2:$PATH \
+ test-run-command run-command greet >actual 2>err &&
+ test_cmp bin2/greet actual &&
+ test_cmp empty err
+'
+
+test_expect_success POSIXPERM 'run_command passes over non-executable file' '
+ test_when_finished "rm -rf bin1 bin2" &&
+ mkdir -p bin1 bin2 &&
+ write_script bin1/greet <<-\EOF &&
+ cat bin1/greet
+ EOF
+ chmod -x bin1/greet &&
+ write_script bin2/greet <<-\EOF &&
+ cat bin2/greet
+ EOF
+
+ PATH=$PWD/bin1:$PWD/bin2:$PATH \
+ test-run-command run-command greet >actual 2>err &&
+ test_cmp bin2/greet actual &&
+ test_cmp empty err
+'
+
test_expect_success POSIXPERM 'run_command reports EACCES' '
cat hello-script >hello.sh &&
chmod -x hello.sh &&
--
2.13.0.rc0.306.g87b477812d-goog