diff options
| author | Junio C Hamano <gitster@pobox.com> | 2024-05-29 09:02:16 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-05-29 12:06:27 -0700 |
| commit | 313eec177ad010048b399d6fd14de871b517f7e3 (patch) | |
| tree | 41f879efa3ff24fdfafb91e4365603e7b17241b6 /setup.c | |
| parent | 786a3e4b8d754d2b14b1208b98eeb0a554ef19a8 (diff) | |
| download | git-313eec177ad010048b399d6fd14de871b517f7e3.tar.gz | |
safe.directory: allow "lead/ing/path/*" match
When safe.directory was introduced in v2.30.3 timeframe, 8959555c
(setup_git_directory(): add an owner check for the top-level
directory, 2022-03-02), it only allowed specific opt-out
directories. Immediately after an embargoed release that included
the change, 0f85c4a3 (setup: opt-out of check with safe.directory=*,
2022-04-13) was done as a response to loosen the check so that a
single '*' can be used to say "I trust all repositories" for folks
who host too many repositories to list individually.
Let's further loosen the check to allow people to say "everything
under this hierarchy is deemed safe" by specifying such a leading
directory with "/*" appended to it.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'setup.c')
| -rw-r--r-- | setup.c | 22 |
1 files changed, 15 insertions, 7 deletions
@@ -1176,13 +1176,21 @@ static int safe_directory_cb(const char *key, const char *value, } else if (!strcmp(value, "*")) { data->is_safe = 1; } else { - const char *interpolated = NULL; - - if (!git_config_pathname(&interpolated, key, value) && - !fspathcmp(data->path, interpolated ? interpolated : value)) - data->is_safe = 1; - - free((char *)interpolated); + const char *allowed = NULL; + + if (!git_config_pathname(&allowed, key, value)) { + if (!allowed) + allowed = value; + if (ends_with(allowed, "/*")) { + size_t len = strlen(allowed); + if (!fspathncmp(allowed, data->path, len - 1)) + data->is_safe = 1; + } else if (!fspathcmp(data->path, allowed)) { + data->is_safe = 1; + } + } + if (allowed != value) + free((char *)allowed); } return 0; |