ObjectChecker: Disallow Windows shortname "GIT~1" - jgit.git - JGit, the Java implementation of git: https://github.com/eclipse-jgit/jgit

diff options

author	Christian Halstrick <christian.halstrick@sap.com>	2014-12-17 14:36:52 +0100
committer	Matthias Sohn <matthias.sohn@sap.com>	2014-12-18 14:49:17 +0100
commit	a09b1b6c3d90713ab5e3473bd7aa32387dc294c3 (patch)
tree	b5f76a75c494d341263a08b937b6bf5128c155f7 /org.eclipse.jgit.ui
parent	10310bf8ef2ad1af16fbd2c406d813c17ea33793 (diff)
download	jgit-a09b1b6c3d90713ab5e3473bd7aa32387dc294c3.tar.gz jgit-a09b1b6c3d90713ab5e3473bd7aa32387dc294c3.zip

ObjectChecker: Disallow Windows shortname "GIT~1"

Windows creates shortnames for all non-8.3 files (see [1]). Hence we need to disallow all names which could potentially be a shortname for ".git". Example: in an empty directory create a folder "GIT~1". Now you can't create another folder ".git". The path "GIT~1" may map to ".git" on Windows. A potential victim to such an attack first has to initialize a git repository in order to receive any git commits. Hence the .git folder created by init will get the shortname "GIT~1". ".git" will only get a different shortname if the user has created a file "GIT~1" before initialization of the git repository. [1] http://en.wikipedia.org/wiki/8.3_filename Change-Id: I9978ab8f2d2951c46c1b9bbde57986d64d26b9b2 Signed-off-by: Christian Halstrick <christian.halstrick@sap.com> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

Diffstat (limited to 'org.eclipse.jgit.ui')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: