diff options
| author | Ivan Frade <ifrade@google.com> | 2018-09-24 16:03:35 -0700 |
|---|---|---|
| committer | Matthias Sohn <matthias.sohn@sap.com> | 2018-10-05 21:38:22 +0200 |
| commit | db9f7b028d8086e5fc66364e9beba1e3a2b99d48 (patch) | |
| tree | c59d61cd0b329aa487d173c7dfec48e696792fd4 /org.eclipse.jgit/src/org/eclipse/jgit/api | |
| parent | e5a4c0d17e532824e0d379cb1c322296b07c73f9 (diff) | |
| download | jgit-db9f7b028d8086e5fc66364e9beba1e3a2b99d48.tar.gz jgit-db9f7b028d8086e5fc66364e9beba1e3a2b99d48.zip | |
SubmoduleAddCommand: Reject submodule URIs that look like cli options
In C git versions before 2.19.1, the submodule is fetched by running
"git clone <uri> <path>". A URI starting with "-" would be interpreted
as an option, causing security problems. See CVE-2018-17456.
Refuse to add submodules with URIs, names or paths starting with "-",
that could be confused with command line arguments.
[jn: backported to JGit 4.7.y, bringing portions of Masaya Suzuki's
dotdot check code in v5.1.0.201808281540-m3~57 (Add API to specify
the submodule name, 2018-07-12) along for the ride]
Change-Id: I2607c3acc480b75ab2b13386fe2cac435839f017
Signed-off-by: Ivan Frade <ifrade@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Diffstat (limited to 'org.eclipse.jgit/src/org/eclipse/jgit/api')
| -rw-r--r-- | org.eclipse.jgit/src/org/eclipse/jgit/api/SubmoduleAddCommand.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/api/SubmoduleAddCommand.java b/org.eclipse.jgit/src/org/eclipse/jgit/api/SubmoduleAddCommand.java index 0519d454ea..e3ba8945df 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/api/SubmoduleAddCommand.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/api/SubmoduleAddCommand.java @@ -51,6 +51,7 @@ import org.eclipse.jgit.api.errors.JGitInternalException; import org.eclipse.jgit.api.errors.NoFilepatternException; import org.eclipse.jgit.errors.ConfigInvalidException; import org.eclipse.jgit.internal.JGitText; +import org.eclipse.jgit.internal.submodule.SubmoduleValidator; import org.eclipse.jgit.lib.ConfigConstants; import org.eclipse.jgit.lib.Constants; import org.eclipse.jgit.lib.NullProgressMonitor; @@ -158,6 +159,14 @@ public class SubmoduleAddCommand extends throw new IllegalArgumentException(JGitText.get().uriNotConfigured); try { + SubmoduleValidator.assertValidSubmoduleName(path); + SubmoduleValidator.assertValidSubmodulePath(path); + SubmoduleValidator.assertValidSubmoduleUri(uri); + } catch (SubmoduleValidator.SubmoduleValidationException e) { + throw new IllegalArgumentException(e.getMessage()); + } + + try { if (submoduleExists()) throw new JGitInternalException(MessageFormat.format( JGitText.get().submoduleExists, path)); |