author | Joseph Vusich <jvusich@amazon.com> | 2018-05-30 03:47:57 +0000 |
---|---|---|
committer | Joseph Vusich <jvusich@amazon.com> | 2018-05-30 17:42:15 +0000 |
commit | d87faeca21e6f416e88ae3d24dae58845d7487d4 (patch) | |
tree | b25fe7461e705f87b04f4525832635f506174441 | |
parent | 79b7f24160029966238b04dd41f69add0741a1d2 (diff) | |
download | go-git-d87faeca21e6f416e88ae3d24dae58845d7487d4.tar.gz |
worktree: Don't allow .gitmodules to be a symlink. Fixes CVE-2018-11235
References:
* https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
* https://security-tracker.debian.org/tracker/CVE-2018-11235
* https://github.com/git/git/commit/10ecfa76491e4923988337b2e2243b05376b40de
Signed-off-by: Joseph Vusich <jvusich@amazon.com>
-rw-r--r-- | submodule_test.go | 15 | ||||
-rw-r--r-- | worktree.go | 12 |
2 files changed, 27 insertions, 0 deletions
diff --git a/submodule_test.go b/submodule_test.go
index 7c97179..2c0a2ed 100644
--- a/submodule_test.go
+++ b/submodule_test.go
@@ -196,6 +196,21 @@ func (s *SubmoduleSuite) TestSubmodulesInit(c *C) {
 }
 }
 
+func (s *SubmoduleSuite) TestGitSubmodulesSymlink(c *C) {
+ f, err := s.Worktree.Filesystem.Create("badfile")
+ c.Assert(err, IsNil)
+ defer f.Close()
+
+ err = s.Worktree.Filesystem.Remove(gitmodulesFile)
+ c.Assert(err, IsNil)
+
+ err = s.Worktree.Filesystem.Symlink("badfile", gitmodulesFile)
+ c.Assert(err, IsNil)
+
+ _, err = s.Worktree.Submodules()
+ c.Assert(err, Equals, ErrGitModulesSymlink)
+}
+
 func (s *SubmoduleSuite) TestSubmodulesStatus(c *C) {
 sm, err := s.Worktree.Submodules()
 c.Assert(err, IsNil)
diff --git a/worktree.go b/worktree.go
index ddf6fff..99b2cd1 100644
--- a/worktree.go
+++ b/worktree.go
@@ -28,6 +28,7 @@ var (
 ErrWorktreeNotClean = errors.New("worktree is not clean")
 ErrSubmoduleNotFound = errors.New("submodule not found")
 ErrUnstagedChanges = errors.New("worktree contains unstaged changes")
+ ErrGitModulesSymlink = errors.New(gitmodulesFile + " is a symlink")
 )
 
 // Worktree represents a git worktree.
@@ -680,7 +681,18 @@ func (w *Worktree) newSubmodule(fromModules, fromConfig *config.Submodule) *Subm
 return m
 }
 
+func (w *Worktree) isSymlink(path string) bool {
+ if s, err := w.Filesystem.Lstat(path); err == nil {
+ return s.Mode()&os.ModeSymlink != 0
+ }
+ return false
+}
+
 func (w *Worktree) readGitmodulesFile() (*config.Modules, error) {
+ if w.isSymlink(gitmodulesFile) {
+ return nil, ErrGitModulesSymlink
+ }
+
 f, err := w.Filesystem.Open(gitmodulesFile)
 if err != nil {
 if os.IsNotExist(err) { |
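Review bot: `isSymlink` fails open in the last hunk of worktree.go: any `Lstat` error, not only not-exist, makes it return false, so `readGitmodulesFile` goes on to `Open` a `.gitmodules` whose type it could not verify. For a check that backs a CVE fix I would do the `Lstat` in `readGitmodulesFile` itself and return every error except not-exist, as in the fence below; the function continues past the end of the hunk, so the existing not-exist handling after `Open` is assumed to stay as it is. The check and the `Open` remain two separate path lookups, which is acceptable for a freshly checked-out tree but leaves a check-then-use gap if the worktree can change concurrently. Separately, as I read the linked advisories, CVE-2018-11235 is about submodule names used as path components; nothing in this hunk validates names, so that presumably needs its own check wherever names are joined into the modules directory.

```go
func (w *Worktree) readGitmodulesFile() (*config.Modules, error) {
	// Lstat, not Stat: the link itself is inspected, never its target.
	fi, err := w.Filesystem.Lstat(gitmodulesFile)
	if err != nil && !os.IsNotExist(err) {
		// Fail closed: a .gitmodules that cannot be inspected is not read.
		return nil, err
	}
	if err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return nil, ErrGitModulesSymlink
	}

	// … unchanged: Open(gitmodulesFile), not-exist handling and parsing …
```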