On 9/15/23 13:15, Junio C Hamano wrote:
Junio C Hamano <gitster@xxxxxxxxx> writes:
Shouldn't this "is it absolute" check with "$cmd" also check if $cmd
has either forward or backward slash in it?
Checking the use of _which with fixed arguments, it is used to spawn
git, gitk, nice, sh; and _which finding where they appear on the
search path does sound sane. But _which does not seem to have the "if
given a command with directory separator, the search path does not
matter. The caller means it is relative to the $cwd" logic at all,
so it seems it is the caller's responsibility to make sure it does
not pass things like ".git/hooks/pre-commit" to it.
In other words, something along this line may go in the right
direction (I no longer speak Tcl, and this is done with manual in
one hand, while typing with the other hand).
I think a simpler fix is just to examine the number of path components -
more than one means a relative or absolute command (/foo splits into two
parts). The below works for me on Linux.
diff --git a/git-gui/git-gui.sh b/git-gui/git-gui.sh
index 277a2b1c8c..0c39d9fa26 100755
--- a/git-gui/git-gui.sh
+++ b/git-gui/git-gui.sh
@@ -118,7 +118,7 @@ proc sanitize_command_line {command_line from_index} {
set i $from_index
while {$i < [llength $command_line]} {
set cmd [lindex $command_line $i]
- if {[file pathtype $cmd] ne "absolute"} {
+ if {[llength [file split $cmd]] < 2} {
set fullpath [_which $cmd]
if {$fullpath eq ""} {
throw {NOT-FOUND} "$cmd not found in PATH"
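Review bot: the new condition `[llength [file split $cmd]] < 2` in sanitize_command_line expresses "bare command name" as a component count, which is not obvious when reading the code; a one-line comment above it, saying that any name with a directory part (relative or absolute) is deliberately left out of the `_which` lookup, would make the intent clear. The accompanying message says this was tried on Linux only, while the surrounding code addresses a Windows-specific problem, so it would be worth confirming on Windows that backslash-separated and drive-qualified names also split into two or more components before relying on this test there.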
We could also wrap the entirety of commit aae9560a in
if {[is_Windows]} { ... }
as all of this code is fixing a Windows-specific vulnerability, though a
fix like the above is needed regardless.
Mark
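
The two conditions from the hunk above, run side by side over a few command names. This is an added example, not code from git-gui or from either message; the proc names `lookup_old` and `lookup_new` and the sample list are assumptions made for the illustration.

```tcl
# Added illustration, not part of git-gui: compare the pre-patch and the
# proposed condition from sanitize_command_line on constructed inputs.

# Pre-patch condition: anything that is not absolute goes to the PATH lookup.
proc lookup_old {cmd} {
    return [expr {[file pathtype $cmd] ne "absolute"}]
}

# Proposed condition: only a single-component name goes to the PATH lookup.
proc lookup_new {cmd} {
    return [expr {[llength [file split $cmd]] < 2}]
}

# Constructed sample names; the hook path and /foo are the ones mentioned
# in the thread, the rest are made up for the comparison.
set samples {
    git
    ./git
    .git/hooks/pre-commit
    /usr/bin/git
    /foo
}

puts [format "%-24s %-16s %-4s %-4s" command pathtype old new]
foreach cmd $samples {
    puts [format "%-24s %-16s %-4s %-4s" $cmd [file pathtype $cmd] \
        [lookup_old $cmd] [lookup_new $cmd]]
}
```

A row where the `old` column is 1 and the `new` column is 0 is a name with a directory part that the pre-patch condition would still pass to the search-path lookup.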