Commitb2d3d01

committed

FixCVE-2023-41040

This change adds a check during reference resolving to see if therequested reference is inside the current repository folder. Ifit's ouside, it raises an exception.This fixesCVE-2023-41040, which allows an attacker to access filesoutside the repository's directory.

1 parent91b464c commitb2d3d01Copy full SHA for b2d3d01

File tree

1 file changed

-1

lines changed

git/refs
- symbolic.py

1 file changed

-1

lines changed

`‎git/refs/symbolic.py`

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`fromgit.typesimportPathLike`
	`2`	`+frompathlibimportPath`
`2`	`3`	`importos`
`3`	`4`
`4`	`5`	`fromgit.compatimportdefenc`
`@@ -171,7 +172,13 @@ def _get_ref_info_helper(`
`171`	`172`	`tokens:Union[None,List[str],Tuple[str,str]]=None`
`172`	`173`	`repodir=_git_dir(repo,ref_path)`
`173`	`174`	`try:`
`174`		`-withopen(os.path.join(repodir,str(ref_path)),"rt",encoding="UTF-8")asfp:`
	`175`	`+# Make path absolute, resolving any symlinks, and check that we are still`
	`176`	`+# inside the repository`
	`177`	`+full_ref_path=Path(repodir,str(ref_path)).resolve(strict=True)`
	`178`	`+ifPath(repodir)notinfull_ref_path.parents:`
	`179`	`+raiseValueError(f"Reference at{full_ref_path} is outside the repo directory")`
	`180`	`+`
	`181`	`+withopen(full_ref_path,"rt",encoding="UTF-8")asfp:`
`175`	`182`	`value=fp.read().rstrip()`
`176`	`183`	`# Don't only split on spaces, but on whitespace, which allows to parse lines like`
`177`	`184`	`# 60b64ef992065e2600bfef6187a97f92398a9144 branch 'master' of git-server:/path/to/repo`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitb2d3d01

File tree

1 file changed

1 file changed

`‎git/refs/symbolic.py`

0 commit comments