diff options
| author | Johannes Sixt <j6t@kdbg.org> | 2025-05-20 08:56:09 +0200 |
|---|---|---|
| committer | Taylor Blau <me@ttaylorr.com> | 2025-05-23 17:04:31 -0400 |
| commit | 311d9ada3a7c2c49669d656a0359cc3a9ccfeeef (patch) | |
| tree | 2a415d4e14344093eda9d6e2a0daa026ae564989 /git-gui/lib/choose_repository.tcl | |
| parent | a7d1716fa648f6557ea9c91e0f04bae2e8738e6a (diff) | |
| parent | a437f5bc93330a70b42a230e52f3bd036ca1b1da (diff) | |
| download | git-311d9ada3a7c2c49669d656a0359cc3a9ccfeeef.tar.gz | |
Merge branch 'js/fix-open-exec'
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:
When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Diffstat (limited to 'git-gui/lib/choose_repository.tcl')
| -rw-r--r-- | git-gui/lib/choose_repository.tcl | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/git-gui/lib/choose_repository.tcl b/git-gui/lib/choose_repository.tcl index d23abedcb3..5b361cc424 100644 --- a/git-gui/lib/choose_repository.tcl +++ b/git-gui/lib/choose_repository.tcl @@ -641,8 +641,8 @@ method _do_clone2 {} { set pwd [pwd] if {[catch { file mkdir [gitdir objects info] - set f_in [open [file join $objdir info alternates] r] - set f_cp [open [gitdir objects info alternates] w] + set f_in [safe_open_file [file join $objdir info alternates] r] + set f_cp [safe_open_file [gitdir objects info alternates] w] fconfigure $f_in -translation binary -encoding binary fconfigure $f_cp -translation binary -encoding binary cd $objdir @@ -727,7 +727,7 @@ method _do_clone2 {} { [cb _do_clone_tags] } shared { - set fd [open [gitdir objects info alternates] w] + set fd [safe_open_file [gitdir objects info alternates] w] fconfigure $fd -translation binary puts $fd $objdir close $fd @@ -760,8 +760,8 @@ method _copy_files {objdir tocopy} { } foreach p $tocopy { if {[catch { - set f_in [open [file join $objdir $p] r] - set f_cp [open [file join .git objects $p] w] + set f_in [safe_open_file [file join $objdir $p] r] + set f_cp [safe_open_file [file join .git objects $p] w] fconfigure $f_in -translation binary -encoding binary fconfigure $f_cp -translation binary -encoding binary @@ -818,12 +818,12 @@ method _clone_refs {} { error_popup [mc "Not a Git repository: %s" [file tail $origin_url]] return 0 } - set fd_in [git_read for-each-ref \ + set fd_in [git_read [list for-each-ref \ --tcl \ - {--format=list %(refname) %(objectname) %(*objectname)}] + {--format=list %(refname) %(objectname) %(*objectname)}]] cd $pwd - set fd [open [gitdir packed-refs] w] + set fd [safe_open_file [gitdir packed-refs] w] fconfigure $fd -translation binary puts $fd "# pack-refs with: peeled" while {[gets $fd_in line] >= 0} { @@ -877,7 +877,7 @@ method _do_clone_full_end {ok} { set HEAD {} if {[file exists [gitdir FETCH_HEAD]]} { - set fd [open [gitdir FETCH_HEAD] r] + set fd [safe_open_file [gitdir FETCH_HEAD] r] while {[gets $fd line] >= 0} { if {[regexp "^(.{40})\t\t" $line line HEAD]} { break @@ -953,13 +953,14 @@ method _do_clone_checkout {HEAD} { [mc "files"]] set readtree_err {} - set fd [git_read --stderr read-tree \ + set fd [git_read [list read-tree \ -m \ -u \ -v \ HEAD \ HEAD \ - ] + ] \ + [list 2>@1]] fconfigure $fd -blocking 0 -translation binary fileevent $fd readable [cb _readtree_wait $fd] } |