
Commit bb92255

jrndscho
authored andcommitted
fsck: reject submodule.update = !command in .gitmodules
This allows hosting providers to detect whether they are being used to attack users using malicious 'update = !command' settings in .gitmodules. Since ac1fbbd (submodule: do not copy unknown update mode from .gitmodules, 2013-12-02), in normal cases such settings have been treated as 'update = none', so forbidding them should not produce any collateral damage to legitimate uses. A quick search does not reveal any repositories making use of this construct, either. Reported-by: Joern Schneeweisz <[email protected]> Signed-off-by: Jonathan Nieder <[email protected]> Signed-off-by: Johannes Schindelin <[email protected]>
1 parent bdfef04 commit bb92255


2 files changed

+21
-0
lines changed


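--- a/fsck.c
+++ b/fsck.c
@@ -66,6 +66,7 @@ static struct oidset gitmodules_done = OIDSET_INIT;
 FUNC(GITMODULES_SYMLINK, ERROR) \
 FUNC(GITMODULES_URL, ERROR) \
 FUNC(GITMODULES_PATH, ERROR) \
+FUNC(GITMODULES_UPDATE, ERROR) \
 /* warnings */ \
 FUNC(BAD_FILEMODE, WARN) \
 FUNC(EMPTY_NAME, WARN) \
@@ -975,6 +976,12 @@ static int fsck_gitmodules_fn(const char *var, const char *value, void *vdata)
 FSCK_MSG_GITMODULES_PATH,
 "disallowed submodule path: %s",
 value);
+if (!strcmp(key, "update") && value &&
+parse_submodule_update_type(value) == SM_UPDATE_COMMAND)
+data->ret |= report(data->options, data->obj,
+FSCK_MSG_GITMODULES_UPDATE,
+"disallowed submodule update setting: %s",
+value);
 free(name);
 
 return 0;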
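Review bot: The new `update` check in the second hunk carries no comment explaining why a value that parses as SM_UPDATE_COMMAND is an fsck error rather than merely ignored, and that rationale lives only in the commit message. A short comment above the `if` would keep it with the code: `/* "update = !cmd" from .gitmodules has been treated as "none" since ac1fbbd; reject it so a hosting provider running fsck can refuse such objects. */`. The untrusted `value` is correctly passed as a `%s` argument to report() rather than as the format string, matching the GITMODULES_PATH report just above it. Note that fsck_gitmodules_fn begins before this hunk, so where `key` is derived from `var` (and whether it is already lowercased by the config parser, as `strcmp(key, "update")` assumes) is not visible here.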

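--- a/t/t7406-submodule-update.sh
+++ b/t/t7406-submodule-update.sh
@@ -414,6 +414,20 @@ test_expect_success 'submodule update - command in .gitmodules is rejected' '
 test_must_fail git -C super submodule update submodule
 '
 
+test_expect_success 'fsck detects command in .gitmodules' '
+git init command-in-gitmodules &&
+(
+cd command-in-gitmodules &&
+git submodule add ../submodule submodule &&
+test_commit adding-submodule &&
+
+git config -f .gitmodules submodule.submodule.update "!false" &&
+git add .gitmodules &&
+test_commit configuring-update &&
+test_must_fail git fsck
+)
+'
+
 cat << EOF >expect
 Execution of 'false $submodulesha1' failed in submodule path 'submodule'
 EOF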
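Review bot: The new test only asserts that `git fsck` exits non-zero, so it would also pass if fsck failed for an unrelated reason (for example a broken object or an earlier .gitmodules check firing) and would not detect the GITMODULES_UPDATE check being accidentally dropped. Capturing stderr and matching the new message pins the behaviour being added: `test_must_fail git fsck 2>err &&` followed by `test_i18ngrep "disallowed submodule update setting" err`. The test depends on the `submodule` repository created by earlier tests in this file, which is outside this hunk.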
