Merge branch 'js/fix-open-exec'

This addresses CVE-2025-46835, Git GUI can create and overwrite a user's files: When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. Signed-off-by: Johannes Sixt <j6t@kdbg.org>
author: Johannes Sixt <j6t@kdbg.org> 2025-05-20 08:56:09 +0200
committer: Taylor Blau <me@ttaylorr.com> 2025-05-23 17:04:31 -0400
commit: 311d9ada3a7c2c49669d656a0359cc3a9ccfeeef (patch)
tree: 2a415d4e14344093eda9d6e2a0daa026ae564989 /git-gui/lib/merge.tcl
parent: a7d1716fa648f6557ea9c91e0f04bae2e8738e6a (diff)
parent: a437f5bc93330a70b42a230e52f3bd036ca1b1da (diff)
download: git-311d9ada3a7c2c49669d656a0359cc3a9ccfeeef.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/git-gui/lib/merge.tcl b/git-gui/lib/merge.tcl
index 664803cf3f..44c3f93584 100644
--- a/git-gui/lib/merge.tcl
+++ b/git-gui/lib/merge.tcl
@@ -93,7 +93,7 @@ method _start {} {
 	set spec [$w_rev get_tracking_branch]
 	set cmit [$w_rev get_commit]
 
-	set fh [open [gitdir FETCH_HEAD] w]
+	set fh [safe_open_file [gitdir FETCH_HEAD] w]
 	fconfigure $fh -translation lf
 	if {$spec eq {}} {
 		set remote .
@@ -118,7 +118,7 @@ method _start {} {
 		set cmd [list git]
 		lappend cmd merge
 		lappend cmd --strategy=recursive
-		lappend cmd [git fmt-merge-msg <[gitdir FETCH_HEAD]]
+		lappend cmd [git_redir [list fmt-merge-msg] [list <[gitdir FETCH_HEAD]]]
 		lappend cmd HEAD
 		lappend cmd $name
 	}
@@ -239,7 +239,7 @@ Continue with resetting the current changes?"]
 	}
 
 	if {[ask_popup $op_question] eq {yes}} {
-		set fd [git_read --stderr read-tree --reset -u -v HEAD]
+		set fd [git_read [list read-tree --reset -u -v HEAD] [list 2>@1]]
 		fconfigure $fd -blocking 0 -translation binary
 		set status_bar_operation [$::main_status \
 			start \
author	Johannes Sixt <j6t@kdbg.org>	2025-05-20 08:56:09 +0200
committer	Taylor Blau <me@ttaylorr.com>	2025-05-23 17:04:31 -0400
commit	311d9ada3a7c2c49669d656a0359cc3a9ccfeeef (patch)
tree	2a415d4e14344093eda9d6e2a0daa026ae564989 /git-gui/lib/merge.tcl
parent	a7d1716fa648f6557ea9c91e0f04bae2e8738e6a (diff)
parent	a437f5bc93330a70b42a230e52f3bd036ca1b1da (diff)
download	git-311d9ada3a7c2c49669d656a0359cc3a9ccfeeef.tar.gz