diff options
| author | Johannes Sixt <j6t@kdbg.org> | 2025-07-08 21:22:00 +0200 |
|---|---|---|
| committer | Johannes Sixt <j6t@kdbg.org> | 2025-07-08 21:22:48 +0200 |
| commit | 3f072308447ed2aab0228d21a7ce334beeeca7e8 (patch) | |
| tree | c793ec4ca2df45d93e85f63f91537bf3d7243abf /lib/merge.tcl | |
| parent | 88125ffe702fcc3aaf5dbcd8b87f74752291f294 (diff) | |
| parent | a437f5bc93330a70b42a230e52f3bd036ca1b1da (diff) | |
| download | git-3f072308447ed2aab0228d21a7ce334beeeca7e8.tar.gz | |
Merge branch 'js/fix-open-exec-git'
This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:
When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.
* js/fix-open-exec-git:
git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
git-gui: do not mistake command arguments as redirection operators
git-gui: introduce function git_redir for git calls with redirections
git-gui: pass redirections as separate argument to git_read
git-gui: pass redirections as separate argument to _open_stdout_stderr
git-gui: convert git_read*, git_write to be non-variadic
git-gui: use git_read in githook_read
git-gui: break out a separate function git_read_nice
git-gui: remove option --stderr from git_read
git-gui: sanitize 'exec' arguments: background
git-gui: sanitize 'exec' arguments: simple cases
git-gui: treat file names beginning with "|" as relative paths
git-gui: remove git config --list handling for git < 1.5.3
git-gui: remove HEAD detachment implementation for git < 1.5.3
git-gui: remove Tcl 8.4 workaround on 2>@1 redirection
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
Diffstat (limited to 'lib/merge.tcl')
| -rw-r--r-- | lib/merge.tcl | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/merge.tcl b/lib/merge.tcl index 664803cf3f..44c3f93584 100644 --- a/lib/merge.tcl +++ b/lib/merge.tcl @@ -93,7 +93,7 @@ method _start {} { set spec [$w_rev get_tracking_branch] set cmit [$w_rev get_commit] - set fh [open [gitdir FETCH_HEAD] w] + set fh [safe_open_file [gitdir FETCH_HEAD] w] fconfigure $fh -translation lf if {$spec eq {}} { set remote . @@ -118,7 +118,7 @@ method _start {} { set cmd [list git] lappend cmd merge lappend cmd --strategy=recursive - lappend cmd [git fmt-merge-msg <[gitdir FETCH_HEAD]] + lappend cmd [git_redir [list fmt-merge-msg] [list <[gitdir FETCH_HEAD]]] lappend cmd HEAD lappend cmd $name } @@ -239,7 +239,7 @@ Continue with resetting the current changes?"] } if {[ask_popup $op_question] eq {yes}} { - set fd [git_read --stderr read-tree --reset -u -v HEAD] + set fd [git_read [list read-tree --reset -u -v HEAD] [list 2>@1]] fconfigure $fd -blocking 0 -translation binary set status_bar_operation [$::main_status \ start \ |