Hi Junio & René,
On Thu, 25 Mar 2021, Junio C Hamano wrote:
> René Scharfe. <l.s.r@xxxxxx> writes:
>
> > When sanitizing client-supplied strings on Windows, also strip off
> > backslashes, not just slashes.
> >
> > Signed-off-by: René Scharfe <l.s.r@xxxxxx>
> > ---
> > daemon.c | 8 ++++----
> > 1 file changed, 4 insertions(+), 4 deletions(-)
>
> I do not know how common is it to run "git daemon" on Windows, but
> it would be nice to have at least an ack from Windows person.
Here is my ACK.
I do not have any precise numbers, of course, as we do not have any
telemetry in Git for Windows (for better or worse).
There _are_ occasional reports about something in `git daemon` not
working; Most notably, you have to turn off the sideband to make `push`
work.
> > diff --git a/daemon.c b/daemon.c
> > index 2ab7ea82eb..0561c19ee8 100644
> > --- a/daemon.c
> > +++ b/daemon.c
> > @@ -566,14 +566,14 @@ static void parse_host_and_port(char *hostport, char **host,
> >
> > /*
> > * Sanitize a string from the client so that it's OK to be inserted into a
> > - * filesystem path. Specifically, we disallow slashes, runs of "..", and
> > - * trailing and leading dots, which means that the client cannot escape
> > - * our base path via ".." traversal.
> > + * filesystem path. Specifically, we disallow directory separators, runs
> > + * of "..", and trailing and leading dots, which means that the client
> > + * cannot escape our base path via ".." traversal.
>
> Not a new problem, but "runs of '..'" confused me. If I am reading
> the code right, we disallow directory separators (by ignoring) and
> two or more '.' in a row (by squashing them into a single '.').
Indeed, the code is a bit funny in that respect. But at least it keeps us
somewhat safe: there is currently no way to break out of the directory to
the parent directory, whether with this path or not. (Phew!)
Thanks,
Dscho
>
> > */
> > static void sanitize_client(struct strbuf *out, const char *in)
> > {
> > for (; *in; in++) {
> > - if (*in == '/')
> > + if (is_dir_sep(*in))
> > continue;
> > if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
> > continue;
> > --
> > 2.30.2
>
> Thanks.
>
