authorJoseph Vusich <jvusich@amazon.com>2018-05-30 03:47:57 +0000
committerJoseph Vusich <jvusich@amazon.com>2018-05-30 17:42:15 +0000
commitd87faeca21e6f416e88ae3d24dae58845d7487d4 (patch)
treeb25fe7461e705f87b04f4525832635f506174441
parent79b7f24160029966238b04dd41f69add0741a1d2 (diff)
downloadgo-git-d87faeca21e6f416e88ae3d24dae58845d7487d4.tar.gz
worktree: Don't allow .gitmodules to be a symlink. Fixes CVE-2018-11235
References: * https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/ * https://security-tracker.debian.org/tracker/CVE-2018-11235 * https://github.com/git/git/commit/10ecfa76491e4923988337b2e2243b05376b40de Signed-off-by: Joseph Vusich <jvusich@amazon.com>
-rw-r--r--submodule_test.go15
-rw-r--r--worktree.go12
2 files changed, 27 insertions, 0 deletions
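--- a/submodule_test.go
+++ b/submodule_test.go
@@ -196,6 +196,21 @@ func (s *SubmoduleSuite) TestSubmodulesInit(c *C) {
 }
 }
+func (s *SubmoduleSuite) TestGitSubmodulesSymlink(c *C) {
+ f, err := s.Worktree.Filesystem.Create("badfile")
+ c.Assert(err, IsNil)
+ defer f.Close()
+
+ err = s.Worktree.Filesystem.Remove(gitmodulesFile)
+ c.Assert(err, IsNil)
+
+ err = s.Worktree.Filesystem.Symlink("badfile", gitmodulesFile)
+ c.Assert(err, IsNil)
+
+ _, err = s.Worktree.Submodules()
+ c.Assert(err, Equals, ErrGitModulesSymlink)
+}
+
 func (s *SubmoduleSuite) TestSubmodulesStatus(c *C) {
 sm, err := s.Worktree.Submodules()
 c.Assert(err, IsNil)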
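--- a/worktree.go
+++ b/worktree.go
@@ -28,6 +28,7 @@ var (
 ErrWorktreeNotClean = errors.New("worktree is not clean")
 ErrSubmoduleNotFound = errors.New("submodule not found")
 ErrUnstagedChanges = errors.New("worktree contains unstaged changes")
+ ErrGitModulesSymlink = errors.New(gitmodulesFile + " is a symlink")
 )
 // Worktree represents a git worktree.
@@ -680,7 +681,18 @@ func (w *Worktree) newSubmodule(fromModules, fromConfig *config.Submodule) *Subm
 return m
 }
+func (w *Worktree) isSymlink(path string) bool {
+ if s, err := w.Filesystem.Lstat(path); err == nil {
+ return s.Mode()&os.ModeSymlink != 0
+ }
+ return false
+}
+
 func (w *Worktree) readGitmodulesFile() (*config.Modules, error) {
+ if w.isSymlink(gitmodulesFile) {
+ return nil, ErrGitModulesSymlink
+ }
+
 f, err := w.Filesystem.Open(gitmodulesFile)
 if err != nil {
 if os.IsNotExist(err) {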
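Review bot: isSymlink collapses every Lstat failure into `return false`, so a permission or I/O error on .gitmodules is silently treated as "not a symlink" and readGitmodulesFile goes on to Open the path as if the check had passed; only a clean Lstat actually protects the caller. The Lstat followed by Open is also a check-then-use pair, so on a real filesystem the answer can change between the two calls; the upstream git fix referenced in the description rejects a symlinked .gitmodules when the entry is verified at index/checkout time, which closes that window, and it is probably worth adding the same rejection where go-git writes checkout entries (outside this hunk, so not verified here). Suggest having isSymlink return `(bool, error)`, treating only os.IsNotExist as "no symlink", and giving both it and the exported ErrGitModulesSymlink a doc comment such as `// ErrGitModulesSymlink is returned when .gitmodules is a symbolic link rather than a regular file.` readGitmodulesFile continues past the end of the hunk.
```go
// isSymlink reports whether path is a symbolic link in the worktree
// filesystem. A missing path is not a symlink; any other Lstat error is
// returned so callers do not fall back to opening the path unchecked.
func (w *Worktree) isSymlink(path string) (bool, error) {
	s, err := w.Filesystem.Lstat(path)
	if err != nil {
		if os.IsNotExist(err) {
			return false, nil
		}
		return false, err
	}
	return s.Mode()&os.ModeSymlink != 0, nil
}

func (w *Worktree) readGitmodulesFile() (*config.Modules, error) {
	// Refuse to read .gitmodules through a symlink; a link could point
	// at a file outside the intended location, including inside .git.
	isLink, err := w.isSymlink(gitmodulesFile)
	if err != nil {
		return nil, err
	}
	if isLink {
		return nil, ErrGitModulesSymlink
	}
	// … unchanged: Open gitmodulesFile and parse it …
```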