packages/libgit2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-12278 and CVE-2020-12279

Browse Source
This commit is contained in:
guoxiaoqi 2021-07-23 09:56:56 +08:00
parent 841b0ac493
commit 5ba2ba495e
3 changed files with 107 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
CVE-2020-12278.patch Normal file
View File

@ -0,0 +1,44 @@
From e1832eb20a7089f6383cfce474f213157f5300cb Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Wed, 18 Sep 2019 16:33:18 +0200
Subject: [PATCH] path: also guard `.gitmodules` against NTFS Alternate Data
Streams
We just safe-guarded `.git` against NTFS Alternate Data Stream-related
attack vectors, and now it is time to do the same for `.gitmodules`.
Note: In the added regression test, we refrain from verifying all kinds
of variations between short names and NTFS Alternate Data Streams: as
the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
is enough to test one in order to know that all of them are guarded
against.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
src/path.c | 2 +-
tests/path/dotgit.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/path.c b/src/path.c
index 7844da67227..b3a8fc32f83 100644
--- a/src/path.c
+++ b/src/path.c
@@ -1646,7 +1646,7 @@ GIT_INLINE(bool) only_spaces_and_dots(const char *path)
const char *c = path;
for (;; c++) {
- if (*c == '\0')
+ if (*c == '\0' || *c == ':')
return true;
if (*c != ' ' && *c != '.')
return false;
diff --git a/tests/path/dotgit.c b/tests/path/dotgit.c
index 30996694512..ceb7330d248 100644
--- a/tests/path/dotgit.c
+++ b/tests/path/dotgit.c
@@ -116,4 +116,5 @@ void test_path_dotgit__dotgit_modules_symlink(void)
cl_assert_equal_b(true, git_path_isvalid(NULL, ".gitmodules", 0, GIT_PATH_REJECT_DOT_GIT_HFS|GIT_PATH_REJECT_DOT_GIT_NTFS));
cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_HFS));
cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
+ cl_assert_equal_b(false, git_path_isvalid(NULL, ".gitmodules . .::$DATA", S_IFLNK, GIT_PATH_REJECT_DOT_GIT_NTFS));
}

57
CVE-2020-12279.patch Normal file
View File

@ -0,0 +1,57 @@
From 64c612cc3e25eff5fb02c59ef5a66ba7a14751e4 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Wed, 18 Sep 2019 15:25:02 +0200
Subject: [PATCH] Protect against 8.3 "short name" attacks also on Linux/macOS
The Windows Subsystem for Linux (WSL) is getting increasingly popular,
in particular because it makes it _so_ easy to run Linux software on
Windows' files, via the auto-mounted Windows drives (`C:\` is mapped to
`/mnt/c/`, no need to set that up manually).
Unfortunately, files/directories on the Windows drives can be accessed
via their _short names_, if that feature is enabled (which it is on the
`C:` drive by default).
Which means that we have to safeguard even our Linux users against the
short name attacks.
Further, while the default options of CIFS/SMB-mounts seem to disallow
accessing files on network shares via their short names on Linux/macOS,
it _is_ possible to do so with the right options.
So let's just safe-guard against short name attacks _everywhere_.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
src/checkout.c | 2 +-
tests/checkout/nasty.c | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/checkout.c b/src/checkout.c
index 5cfa7280baa..5b20ede466b 100644
--- a/src/checkout.c
+++ b/src/checkout.c
@@ -1271,7 +1271,7 @@ static int checkout_verify_paths(
int action,
git_diff_delta *delta)
{
- unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS;
+ unsigned int flags = GIT_PATH_REJECT_WORKDIR_DEFAULTS | GIT_PATH_REJECT_DOT_GIT_NTFS;
if (action & CHECKOUT_ACTION__REMOVE) {
if (!git_path_isvalid(repo, delta->old_file.path, delta->old_file.mode, flags)) {
diff --git a/tests/checkout/nasty.c b/tests/checkout/nasty.c
index 3897878cef1..a0ac738a812 100644
--- a/tests/checkout/nasty.c
+++ b/tests/checkout/nasty.c
@@ -206,9 +206,8 @@ void test_checkout_nasty__dot_git_dot(void)
*/
void test_checkout_nasty__git_tilde1(void)
{
-#ifdef GIT_WIN32
test_checkout_fails("refs/heads/git_tilde1", ".git/foobar");
-#endif
+ test_checkout_fails("refs/heads/git_tilde1", "git~1/foobar");
}
/* A tree that contains an entry "git~2", when we have forced the short

7
libgit2.spec
View File

@ -1,12 +1,14 @@
Name: libgit2 Name: libgit2
Version: 0.27.8 Version: 0.27.8
Release: 3 Release: 4
Summary: portable, pure C implementation of the Git core methods Summary: portable, pure C implementation of the Git core methods
License: GPLv2 with exceptions License: GPLv2 with exceptions
URL: https://libgit2.org URL: https://libgit2.org
Source0: https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz Source0: https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz
Patch0001: 0001-tests-don-t-run-buf-oom-on-32-bit-systems.patch Patch0001: 0001-tests-don-t-run-buf-oom-on-32-bit-systems.patch
Patch0002: CVE-2020-12278.patch
Patch0003: CVE-2020-12279.patch
BuildRequires: gcc cmake >= 2.8.11 ninja-build http-parser-devel libcurl-devel BuildRequires: gcc cmake >= 2.8.11 ninja-build http-parser-devel libcurl-devel
BuildRequires: libssh2-devel openssl-devel python3 zlib-devel BuildRequires: libssh2-devel openssl-devel python3 zlib-devel
@ -55,6 +57,9 @@ sed -i '/ADD_TEST(online/s/^/#/' tests/CMakeLists.txt
%{_includedir}/git2* %{_includedir}/git2*
%changelog %changelog
* Fri Jul 23 2021 guoxiaoqi<guoxiaoqi2@huawei.com> - 0.27.8-4
- fix CVE-2020-12278 and CVE-2020-12279
* Thu Jan 16 2020 yangjian<yangjian79@huawei.com> - 0.27.8-3 * Thu Jan 16 2020 yangjian<yangjian79@huawei.com> - 0.27.8-3
- Change the Source to valid address - Change the Source to valid address