| author | Johannes Sixt <j6t@kdbg.org> | 2025-05-20 08:56:09 +0200 |
|---|---|---|
| committer | Taylor Blau <me@ttaylorr.com> | 2025-05-23 17:04:31 -0400 |
| commit | 311d9ada3a7c2c49669d656a0359cc3a9ccfeeef (patch) | |
| tree | 2a415d4e14344093eda9d6e2a0daa026ae564989 /git-gui/lib/checkout_op.tcl | |
| parent | a7d1716fa648f6557ea9c91e0f04bae2e8738e6a (diff) | |
| parent | a437f5bc93330a70b42a230e52f3bd036ca1b1da (diff) | |
| download | git-311d9ada3a7c2c49669d656a0359cc3a9ccfeeef.tar.gz | |
Merge branch 'js/fix-open-exec'
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:
When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Diffstat (limited to 'git-gui/lib/checkout_op.tcl')
| -rw-r--r-- | git-gui/lib/checkout_op.tcl | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/git-gui/lib/checkout_op.tcl b/git-gui/lib/checkout_op.tcl
index 21ea768d80..87ed0b4858 100644
--- a/git-gui/lib/checkout_op.tcl
+++ b/git-gui/lib/checkout_op.tcl
@@ -304,12 +304,12 @@ The rescan will be automatically started now.
 _readtree $this
 } else {
 ui_status [mc "Refreshing file status..."]
- set fd [git_read update-index \
+ set fd [git_read [list update-index \
 -q \
 --unmerged \
 --ignore-missing \
 --refresh \
- ]
+ ]]
 fconfigure $fd -blocking 0 -translation binary
 fileevent $fd readable [cb _refresh_wait $fd]
 }
@@ -345,14 +345,15 @@ method _readtree {} {
 [mc "Updating working directory to '%s'..." [_name $this]] \
 [mc "files checked out"]]
 
- set fd [git_read --stderr read-tree \
+ set fd [git_read [list read-tree \
 -m \
 -u \
 -v \
 --exclude-per-directory=.gitignore \
 $HEAD \
 $new_hash \
- ]
+ ] \
+ [list 2>@1]]
 fconfigure $fd -blocking 0 -translation binary
 fileevent $fd readable [cb _readtree_wait $fd $status_bar_operation]
 }
@@ -510,18 +511,8 @@ method _update_repo_state {} {
 delete_this
 }
 
-git-version proc _detach_HEAD {log new} {
- >= 1.5.3 {
- git update-ref --no-deref -m $log HEAD $new
- }
- default {
- set p [gitdir HEAD]
- file delete $p
- set fd [open $p w]
- fconfigure $fd -translation lf -encoding utf-8
- puts $fd $new
- close $fd
- }
+proc _detach_HEAD {log new} {
+ git update-ref --no-deref -m $log HEAD $new
 }
 
 method _confirm_reset {cur} {
@@ -582,7 +573,7 @@ method _confirm_reset {cur} {
 pack $w.buttons.cancel -side right -padx 5
 pack $w.buttons -side bottom -fill x -pady 10 -padx 10
 
- set fd [git_read rev-list --pretty=oneline $cur ^$new_hash]
+ set fd [git_read [list rev-list --pretty=oneline $cur ^$new_hash]]
 while {[gets $fd line] > 0} {
 set abbr [string range $line 0 7]
 set subj [string range $line 41 end]
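Review bot: The rewritten `_detach_HEAD` drops the `git-version` dispatch together with its file-writing fallback, but neither the hunk nor the commit message records that git-gui now unconditionally requires `git update-ref --no-deref` (the branch the old code reserved for git 1.5.3 and later); a one-line comment such as `# Always go through update-ref; never write .git/HEAD with open, so HEAD is only ever updated by git itself.` would keep a future maintainer from restoring the `open $p w` path. In the `_readtree` hunk the stderr redirection is now handed over as a separate `[list 2>@1]` argument instead of the `--stderr` flag; assuming the new `git_read` (defined outside this file) execs only its first list as command arguments, this separation is what keeps argument values from ever being interpreted as exec redirection operators, and a short comment at that call site stating this intent would make the hardening visible at the point of use. Since `git_read`'s new signature is not part of this diff, the handling of the redirect list should be confirmed against its definition; the same `[list ...]` wrapping is applied in the `update-index` and `rev-list` hunks and would benefit from the same comment once.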
