development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-09-13 21:34:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix-msys2-quoting-bugs'

Browse source 
These patches fix several bugs in quoting arguments when spawning shell
scripts on Windows.

Note: these bugs are Windows-only, as we have to construct a command
line for the process-to-spawn, unlike Linux/macOS, where `execv()`
accepts an already-split command line.

Furthermore, these fixes were not included in the CVE-2019-1350 part of
v2.14.6 because the Windows-specific quoting when spawning shell scripts
was contributed from Git for Windows into Git only in the v2.21.x era.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin 2019-09-16 13:26:40 +02:00
parent d9061ed9da 7d8b676992
commit 20c71bcf67
1 changed files with 20 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
compat/mingw.c
View file

@ -1120,13 +1120,14 @@ static const char *quote_arg_msys2(const char *arg)
for (p = arg; *p; p++) {
int ws = isspace(*p);
if (!ws && *p != '\\' && *p != '"' && *p != '{')
if (!ws && *p != '\\' && *p != '"' && *p != '{' && *p != '\'' &&
*p != '?' && *p != '*' && *p != '~')
continue;
if (!buf.len)
strbuf_addch(&buf, '"');
if (p != p2)
strbuf_add(&buf, p2, p - p2);
if (!ws && *p != '{')
if (*p == '\\' || *p == '"')
strbuf_addch(&buf, '\\');
p2 = p;
}
@ -1136,7 +1137,7 @@ static const char *quote_arg_msys2(const char *arg)
else if (!buf.len)
return arg;
else
strbuf_add(&buf, p2, p - p2),
strbuf_add(&buf, p2, p - p2);
strbuf_addch(&buf, '"');
return strbuf_detach(&buf, 0);
@ -1391,7 +1392,10 @@ static inline int match_last_path_component(const char *path, size_t *len,
static int is_msys2_sh(const char *cmd)
{
if (cmd && !strcmp(cmd, "sh")) {
if (!cmd)
return 0;
if (!strcmp(cmd, "sh")) {
static int ret = -1;
char *p;
@ -1411,6 +1415,16 @@ static int is_msys2_sh(const char *cmd)
}
return ret;
}
if (ends_with(cmd, "\\sh.exe")) {
static char *sh;
if (!sh)
sh = path_lookup("sh", 0);
return !fspathcmp(cmd, sh);
}
return 0;
}
@ -1426,7 +1440,8 @@ static pid_t mingw_spawnve_fd(const char *cmd, const char **argv, char **deltaen
BOOL ret;
HANDLE cons;
const char *(*quote_arg)(const char *arg) =
is_msys2_sh(*argv) ? quote_arg_msys2 : quote_arg_msvc;
is_msys2_sh(cmd ? cmd : *argv) ?
quote_arg_msys2 : quote_arg_msvc;
do_unset_environment_variables();