development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-08-27 03:29:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
git/builtin
History
Derrick Stolee b6551feadf merge-tree: load default git config 
The 'git merge-tree' command handles creating root trees for merges
without using the worktree. This is a critical operation in many Git
hosts, as they typically store bare repositories.

This builtin does not load the default Git config, which can have
several important ramifications.

In particular, one config that is loaded by default is
core.useReplaceRefs. This is typically disabled in Git hosts due to
the ability to spoof commits in strange ways.

Since this config is not loaded specifically during merge-tree, users
were previously able to use refs/replace/ references to make pull
requests that looked valid but introduced malicious content. The
resulting merge commit would have the correct commit history, but the
malicious content would exist in the root tree of the merge.

The fix is simple: load the default Git config in cmd_merge_tree().
This may also fix other behaviors that are effected by reading default
config. The only possible downside is a little extra computation time
spent reading config. The config parsing is placed after basic argument
parsing so it does not slow down usage errors.

Helped-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2023-05-10 12:20:44 -07:00
..
add.c add API: remove run_add_interactive() wrapper function 2023-02-06 15:03:34 -08:00
am.c Merge branch 'ab/hook-api-with-stdin' 2023-02-22 14:55:45 -08:00
annotate.c
apply.c apply.c: remove unnecessary include 2022-04-06 09:42:14 -07:00
archive.c parse-options: PARSE_OPT_KEEP_UNKNOWN only applies to --options 2022-08-19 11:13:14 -07:00
bisect.c bisect: remove Cogito-related code 2023-01-13 14:17:14 -08:00
blame.c doc txt & -h consistency: make "annotate" consistent 2022-10-13 09:32:57 -07:00
branch.c Merge branch 'rj/branch-copy-and-rename' 2022-12-19 11:46:18 +09:00
bugreport.c built-ins: use free() not UNLEAK() if trivial, rm dead code 2022-11-21 12:32:48 +09:00
bundle.c Merge branch 'ab/bundle-wo-args' 2023-01-05 15:07:22 +09:00
cat-file.c Merge branch 'sa/cat-file-mailmap--batch-check' 2023-01-05 15:07:17 +09:00
check-attr.c attr: add flag --source to work with tree-ish 2023-01-14 08:49:55 -08:00
check-ignore.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
check-mailmap.c shortlog: remove unused(?) "repo-abbrev" feature 2021-01-12 14:04:42 -08:00
check-ref-format.c check-ref-format: fix trivial memory leak 2022-07-01 11:43:42 -07:00
checkout--worker.c pkt-line.[ch]: remove unused packet_read_line_buf() 2021-10-15 13:09:40 -07:00
checkout-index.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
checkout.c add API: remove run_add_interactive() wrapper function 2023-02-06 15:03:34 -08:00
clean.c Merge branch 'ab/various-leak-fixes' 2023-02-22 14:55:45 -08:00
clone.c Merge branch 'ab/various-leak-fixes' 2023-02-22 14:55:45 -08:00
column.c column: fix parsing of the '--nl' option 2021-08-26 14:36:27 -07:00
commit-graph.c commit-graph: fix a parse_options_concat() leak 2023-02-06 15:34:38 -08:00
commit-tree.c doc txt & -h consistency: add missing options 2022-10-13 09:32:57 -07:00
commit.c cocci & cache.h: remove "USE_THE_INDEX_COMPATIBILITY_MACROS" 2023-02-10 11:38:40 -08:00
config.c built-ins: use free() not UNLEAK() if trivial, rm dead code 2022-11-21 12:32:48 +09:00
count-objects.c i18n: remove from i18n strings that do not hold translatable parts 2022-02-04 13:58:28 -08:00
credential-cache--daemon.c credential: new attribute password_expiry_utc 2023-02-22 15:18:58 -08:00
credential-cache.c credential-cache: check for windows specific errors 2021-09-14 09:30:54 -07:00
credential-store.c Use a better name for the function interpolating paths 2021-07-26 12:17:16 -07:00
credential.c doc: fix git credential synopsis 2021-10-28 09:57:09 -07:00
describe.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
diagnose.c Merge branch 'ab/doc-synopsis-and-cmd-usage' 2022-10-28 11:26:54 -07:00
diff-files.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
diff-index.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
diff-tree.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
diff.c Merge branch 'ab/various-leak-fixes' 2022-12-14 15:55:46 +09:00
difftool.c treewide: always have a valid "index_state.repo" member 2023-01-17 14:32:06 -08:00
fast-export.c diff: mark unused parameters in callbacks 2022-12-13 22:16:23 +09:00
fast-import.c git-compat-util.h: use "UNUSED", not "UNUSED(var)" 2022-09-01 10:49:48 -07:00
fetch-pack.c list-objects-filter: add and use initializers 2022-09-12 08:38:59 -07:00
fetch.c fetch: choose a sensible default with --jobs=0 again 2023-02-21 12:09:40 -08:00
fmt-merge-msg.c merge: allow to pretend a merge is made into a different branch 2021-12-20 14:55:02 -08:00
for-each-ref.c for-each-ref: delay parsing of --sort=<atom> options 2021-10-20 14:33:07 -07:00
for-each-repo.c for-each-repo: interpolate repo path arguments 2022-11-14 22:39:25 -05:00
fsck.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
fsmonitor--daemon.c Merge branch 'sx/pthread-error-check-fix' 2022-12-19 11:46:17 +09:00
gc.c Merge branch 'rp/maintenance-qol' 2022-11-23 11:22:24 +09:00
get-tar-commit-id.c
grep.c builtin/{grep,log}.: don't define "USE_THE_INDEX_COMPATIBILITY_MACROS" 2022-11-21 12:06:14 +09:00
hash-object.c Merge branch 'jk/hash-object-literally-fd-leak' 2023-01-27 08:51:41 -08:00
help.c Merge branch 'ab/doc-synopsis-and-cmd-usage' 2022-10-28 11:26:54 -07:00
hook.c hook: support a --to-stdin=<path> option 2023-02-08 12:50:03 -08:00
index-pack.c i18n: fix mismatched camelCase config variables 2022-06-17 10:38:26 -07:00
init-db.c doc txt & -h consistency: add missing options 2022-10-13 09:32:57 -07:00
interpret-trailers.c doc txt & -h consistency: add missing options 2022-10-13 09:32:57 -07:00
log.c format.attach: allow empty value to disable multi-part messages 2023-02-17 15:43:09 -08:00
ls-files.c ls-files: fix a --with-tree memory leak 2022-11-21 12:32:48 +09:00
ls-remote.c doc/ls-remote: clarify pattern format 2023-02-10 21:57:51 -08:00
ls-tree.c Merge branch 'rs/ls-tree-path-expansion-fix' 2023-01-23 13:39:50 -08:00
mailinfo.c mailinfo: allow squelching quoted CRLF warning 2021-05-10 15:06:22 +09:00
mailsplit.c Merge branch 'ep/maint-equals-null-cocci' 2022-05-20 15:26:59 -07:00
merge-base.c doc txt & -h consistency: make output order consistent 2022-10-13 09:32:56 -07:00
merge-file.c merge-file: fix memory leaks on error path 2022-07-01 11:43:43 -07:00
merge-index.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
merge-ours.c cocci: apply "pending" index-compatibility to some "builtin/*.c" 2022-11-21 12:06:15 +09:00
merge-recursive.c gettext API users: don't explicitly cast ngettext()'s "n" 2022-03-07 11:57:52 -08:00
merge-tree.c merge-tree: load default git config 2023-05-10 12:20:44 -07:00
merge.c Merge branch 'ab/various-leak-fixes' 2023-02-22 14:55:45 -08:00
mktag.c Merge branch 'ab/object-file-api-updates' 2022-03-16 17:53:08 -07:00
mktree.c mktree: do not check type of remote objects 2022-06-21 10:12:15 -07:00
multi-pack-index.c multi-pack-index: avoid writing to global in option callback 2022-10-06 09:56:51 -07:00
mv.c cocci & cache.h: apply pending "index_cache_pos" rule 2023-02-10 11:37:27 -08:00
name-rev.c Merge branch 'ab/various-leak-fixes' 2023-02-22 14:55:45 -08:00
notes.c notes: avoid empty line in template 2022-11-16 14:57:32 -05:00
pack-objects.c Merge branch 'rs/size-t-fixes' 2023-02-15 17:11:53 -08:00
pack-redundant.c doc txt & -h consistency: fix mismatching labels 2022-10-13 09:32:56 -07:00
pack-refs.c doc txt & -h consistency: add missing options and labels 2022-10-13 09:32:56 -07:00
patch-id.c builtin: patch-id: remove unused diff-tree prefix 2022-10-24 15:44:20 -07:00
prune-packed.c i18n: remove from i18n strings that do not hold translatable parts 2022-02-04 13:58:28 -08:00
prune.c prune: quiet ENOENT on missing directories 2022-11-21 15:58:54 +09:00
pull.c {builtin/*,repository}.c: add & use "USE_THE_INDEX_VARIABLE" 2022-11-21 12:06:15 +09:00
push.c push: free_refs() the "local_refs" in set_refspecs() 2023-02-06 15:34:40 -08:00
range-diff.c diff: factor out add_diff_options() 2022-12-02 08:25:29 +09:00
read-tree.c read-tree: add "--super-prefix" option, eliminate global 2022-12-26 10:21:44 +09:00
rebase.c builtin/rebase.c: free() "options.strategy_opts" 2023-02-06 16:03:53 -08:00
receive-pack.c receive-pack: release the linked "struct command *" list 2023-02-06 15:34:40 -08:00
reflog.c refs: unify parse_worktree_ref() and ref_type() 2022-09-19 11:11:11 -07:00
remote-ext.c convert trivial uses of strncmp() to skip_prefix() 2023-01-08 10:34:37 +09:00
remote-fd.c convert trivial uses of strncmp() to starts_with() 2023-01-08 10:34:35 +09:00
remote.c Merge branch 'rs/no-more-run-command-v' 2022-11-08 17:15:12 -05:00
repack.c repack: fix leaks on error with "goto cleanup" 2023-02-06 15:34:37 -08:00
replace.c refs: use ref_namespaces for replace refs base 2022-08-05 14:13:12 -07:00
rerere.c diff: mark unused parameters in callbacks 2022-12-13 22:16:23 +09:00
reset.c Merge branch 'ab/various-leak-fixes' 2023-02-22 14:55:45 -08:00
rev-list.c Merge branch 'ps/receive-use-only-advertised' 2022-11-23 11:22:25 +09:00
rev-parse.c Merge branch 'ab/various-leak-fixes' 2022-12-14 15:55:46 +09:00
revert.c builtin/revert.c: move free-ing of "revs" to replay_opts_release() 2023-02-06 16:03:52 -08:00
rm.c builtin/rm.c: use narrower "USE_THE_INDEX_VARIABLE" 2023-02-10 11:31:16 -08:00
send-pack.c doc txt & -h consistency: add missing options and labels 2022-10-13 09:32:56 -07:00
shortlog.c shortlog: implement --group=committer in terms of --group=<format> 2022-10-24 14:48:05 -07:00
show-branch.c show-branch: free() allocated "head" before return 2023-02-06 15:34:39 -08:00
show-index.c builtin/show-index: set the algorithm for object IDs 2021-04-27 16:31:39 +09:00
show-ref.c Merge branch 'ab/doc-synopsis-and-cmd-usage' 2022-10-28 11:26:54 -07:00
sparse-checkout.c treewide: always have a valid "index_state.repo" member 2023-01-17 14:32:06 -08:00
stash.c Merge branch 'ab/various-leak-fixes' 2023-02-22 14:55:45 -08:00
stripspace.c i18n: remove from i18n strings that do not hold translatable parts 2022-02-04 13:58:28 -08:00
submodule--helper.c *: fix typos which duplicate a word 2023-01-08 10:28:34 +09:00
symbolic-ref.c Merge branch 'ab/doc-synopsis-and-cmd-usage' 2022-10-28 11:26:54 -07:00
tag.c doc txt & -h consistency: add missing options and labels 2022-10-13 09:32:56 -07:00
unpack-file.c unpack-file: fix ancient leak in create_temp_file() 2022-11-21 12:32:48 +09:00
unpack-objects.c unpack-objects: use stream_loose_object() to unpack large objects 2022-06-13 10:22:36 -07:00
update-index.c cocci & cache.h: apply pending "index_cache_pos" rule 2023-02-10 11:37:27 -08:00
update-ref.c update-ref: fix streaming of status updates 2021-09-03 11:35:15 -07:00
update-server-info.c doc txt & -h consistency: add missing options and labels 2022-10-13 09:32:56 -07:00
upload-archive.c doc txt & -h consistency: fix mismatching labels 2022-10-13 09:32:56 -07:00
upload-pack.c doc txt & -h consistency: add missing options and labels 2022-10-13 09:32:56 -07:00
var.c var: add GIT_SEQUENCE_EDITOR variable 2022-12-18 11:48:26 +09:00
verify-commit.c doc txt & -h consistency: add missing options and labels 2022-10-13 09:32:56 -07:00
verify-pack.c doc txt & -h consistency: add or fix optional "--" syntax 2022-10-13 09:32:56 -07:00
verify-tag.c doc txt & -h consistency: add missing options and labels 2022-10-13 09:32:56 -07:00
worktree.c worktree: fix a trivial leak in prune_worktrees() 2023-02-06 15:34:38 -08:00
write-tree.c cocci & cache-tree.h: migrate "write_cache_as_tree" to "*_index_*" 2023-02-10 11:37:49 -08:00