diff options
| author | Thalia Archibald <thalia@archibald.dev> | 2024-04-14 01:12:19 +0000 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-04-15 10:06:18 -0700 |
| commit | be4d6a371e80e16ae02d1f258103493394e4c155 (patch) | |
| tree | 86f901d9e76b907f745506e03f97df6a1f763d80 | |
| parent | a923a04b80885368acacaf280eb0db16270e5a5b (diff) | |
| download | git-be4d6a371e80e16ae02d1f258103493394e4c155.tar.gz | |
fast-import: forbid escaped NUL in paths
NUL cannot appear in paths. Even disregarding filesystem path
limitations, the tree object format delimits with NUL, so such a path
cannot be encoded by Git.
When a quoted path is unquoted, it could possibly contain NUL from
"\000". Forbid it so it isn't truncated.
fast-import still has other issues with NUL, but those will be addressed
later.
Signed-off-by: Thalia Archibald <thalia@archibald.dev>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | Documentation/git-fast-import.txt | 1 | ||||
| -rw-r--r-- | builtin/fast-import.c | 2 | ||||
| -rwxr-xr-x | t/t9300-fast-import.sh | 1 |
3 files changed, 4 insertions, 0 deletions
diff --git a/Documentation/git-fast-import.txt b/Documentation/git-fast-import.txt index c6082c3b49..8b6dde45f1 100644 --- a/Documentation/git-fast-import.txt +++ b/Documentation/git-fast-import.txt @@ -661,6 +661,7 @@ and its value must be in canonical form. That is it must not: The root of the tree can be represented by an empty string as `<path>`. +`<path>` cannot contain NUL, either literally or escaped as `\000`. It is recommended that `<path>` always be encoded using UTF-8. `filedelete` diff --git a/builtin/fast-import.c b/builtin/fast-import.c index 832d0055f9..419ffdcdb5 100644 --- a/builtin/fast-import.c +++ b/builtin/fast-import.c @@ -2270,6 +2270,8 @@ static void parse_path(struct strbuf *sb, const char *p, const char **endp, if (*p == '"') { if (unquote_c_style(sb, p, endp)) die("Invalid %s: %s", field, command_buf.buf); + if (strlen(sb->buf) != sb->len) + die("NUL in %s: %s", field, command_buf.buf); } else { /* * Unless we are parsing the last field of a line, diff --git a/t/t9300-fast-import.sh b/t/t9300-fast-import.sh index 5cde8f8d01..1e68426852 100755 --- a/t/t9300-fast-import.sh +++ b/t/t9300-fast-import.sh @@ -3300,6 +3300,7 @@ test_path_base_fail () { local change="$1" prefix="$2" field="$3" suffix="$4" test_path_fail "$change" 'unclosed " in '"$field" "$prefix" '"hello.c' "$suffix" "Invalid $field" test_path_fail "$change" "invalid escape in quoted $field" "$prefix" '"hello\xff"' "$suffix" "Invalid $field" + test_path_fail "$change" "escaped NUL in quoted $field" "$prefix" '"hello\000"' "$suffix" "NUL in $field" } test_path_eol_quoted_fail () { local change="$1" prefix="$2" field="$3" |