diff options
| author | Johannes Sixt <j6t@kdbg.org> | 2025-07-08 21:22:00 +0200 |
|---|---|---|
| committer | Johannes Sixt <j6t@kdbg.org> | 2025-07-08 21:22:48 +0200 |
| commit | 3f072308447ed2aab0228d21a7ce334beeeca7e8 (patch) | |
| tree | c793ec4ca2df45d93e85f63f91537bf3d7243abf /lib/diff.tcl | |
| parent | 88125ffe702fcc3aaf5dbcd8b87f74752291f294 (diff) | |
| parent | a437f5bc93330a70b42a230e52f3bd036ca1b1da (diff) | |
| download | git-3f072308447ed2aab0228d21a7ce334beeeca7e8.tar.gz | |
Merge branch 'js/fix-open-exec-git'
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:
When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.
* js/fix-open-exec-git:
git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
git-gui: do not mistake command arguments as redirection operators
git-gui: introduce function git_redir for git calls with redirections
git-gui: pass redirections as separate argument to git_read
git-gui: pass redirections as separate argument to _open_stdout_stderr
git-gui: convert git_read*, git_write to be non-variadic
git-gui: use git_read in githook_read
git-gui: break out a separate function git_read_nice
git-gui: remove option --stderr from git_read
git-gui: sanitize 'exec' arguments: background
git-gui: sanitize 'exec' arguments: simple cases
git-gui: treat file names beginning with "|" as relative paths
git-gui: remove git config --list handling for git < 1.5.3
git-gui: remove HEAD detachment implementation for git < 1.5.3
git-gui: remove Tcl 8.4 workaround on 2>@1 redirection
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Diffstat (limited to 'lib/diff.tcl')
| -rw-r--r-- | lib/diff.tcl | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/diff.tcl b/lib/diff.tcl index d657bfec05..84f0468c7c 100644 --- a/lib/diff.tcl +++ b/lib/diff.tcl @@ -191,7 +191,7 @@ proc show_other_diff {path w m cont_info} { set sz [string length $content] } file { - set fd [open $path r] + set fd [safe_open_file $path r] fconfigure $fd \ -eofchar {} \ -encoding [get_path_encoding $path] @@ -215,7 +215,7 @@ proc show_other_diff {path w m cont_info} { $ui_diff insert end \ "* [mc "Git Repository (subproject)"]\n" \ d_info - } elseif {![catch {set type [exec file $path]}]} { + } elseif {![catch {set type [safe_exec [list file $path]]}]} { set n [string length $path] if {[string equal -length $n $path $type]} { set type [string range $type $n end] @@ -327,7 +327,7 @@ proc start_show_diff {cont_info {add_opts {}}} { } } - if {[catch {set fd [eval git_read --nice $cmd]} err]} { + if {[catch {set fd [git_read_nice $cmd]} err]} { set diff_active 0 unlock_index ui_status [mc "Unable to display %s" [escape_path $path]] @@ -603,7 +603,7 @@ proc apply_or_revert_hunk {x y revert} { if {[catch { set enc [get_path_encoding $current_diff_path] - set p [eval git_write $apply_cmd] + set p [git_write $apply_cmd] fconfigure $p -translation binary -encoding $enc puts -nonewline $p $wholepatch close $p} err]} { @@ -839,7 +839,7 @@ proc apply_or_revert_range_or_line {x y revert} { if {[catch { set enc [get_path_encoding $current_diff_path] - set p [eval git_write $apply_cmd] + set p [git_write $apply_cmd] fconfigure $p -translation binary -encoding $enc puts -nonewline $p $current_diff_header puts -nonewline $p $wholepatch @@ -876,7 +876,7 @@ proc undo_last_revert {} { if {[catch { set enc $last_revert_enc - set p [eval git_write $apply_cmd] + set p [git_write $apply_cmd] fconfigure $p -translation binary -encoding $enc puts -nonewline $p $last_revert close $p} err]} { |