File CVE-2024-32020-3.patch of Package git.34091

From 8c9c051bef3db0fe267f3fb6a1dab293c5f23b38 Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt <ps@pks.im>
Date: Mon, 15 Apr 2024 13:30:36 +0200
Subject: [PATCH 3/5] setup.c: introduce `die_upon_dubious_ownership()`

Introduce a new function `die_upon_dubious_ownership()` that uses
`ensure_valid_ownership()` to verify whether a repository is safe for
use, and causes Git to die in case it is not.

This function will be used in a subsequent commit.

Helped-by: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 cache.h | 12 ++++++++++++
 setup.c | 21 +++++++++++++++++++++
 2 files changed, 33 insertions(+)

Index: git-2.35.3/cache.h
===================================================================
--- git-2.35.3.orig/cache.h
+++ git-2.35.3/cache.h
@@ -627,6 +627,18 @@ void set_git_work_tree(const char *tree)
 void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
 				const char *gitdir);
 
+/*
+ * Check if a repository is safe and die if it is not, by verifying the
+ * ownership of the worktree (if any), the git directory, and the gitfile (if
+ * any).
+ *
+ * Exemptions for known-safe repositories can be added via `safe.directory`
+ * config settings; for non-bare repositories, their worktree needs to be
+ * added, for bare ones their git directory.
+ */
+void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+				const char *gitdir);
+
 void setup_work_tree(void);
 /*
  * Find the commondir and gitdir of the repository that contains the current
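Review bot: The two context lines at the top of this hunk already declare `die_upon_dubious_ownership()` with the same signature, so the added lines put a second, identical prototype into cache.h. A compatible redeclaration compiles, but it leaves the original prototype undocumented and suggests this backport was applied over a tree that already carried the declaration. I would keep only the new comment block and place it directly above the existing prototype instead of adding the declaration again. The comment could also state that the function does not return when the check fails, e.g. `* Does not return if ownership is dubious; calls die().`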
Index: git-2.35.3/setup.c
===================================================================
--- git-2.35.3.orig/setup.c
+++ git-2.35.3/setup.c
@@ -1156,6 +1156,27 @@ static int ensure_valid_ownership(const
 	return data.is_safe;
 }
 
+void die_upon_dubious_ownership(const char *gitfile, const char *worktree,
+				const char *gitdir)
+{
+	struct strbuf report = STRBUF_INIT, quoted = STRBUF_INIT;
+	const char *path;
+
+	if (ensure_valid_ownership(gitfile, worktree, gitdir))
+		return;
+
+	strbuf_complete(&report, '\n');
+	path = gitfile ? gitfile : gitdir;
+	sq_quote_buf_pretty(&quoted, path);
+
+	die(_("detected dubious ownership in repository at '%s'\n"
+	      "%s"
+	      "To add an exception for this directory, call:\n"
+	      "\n"
+	      "\tgit config --global --add safe.directory %s"),
+	    path, report.buf, quoted.buf);
+}
+
 enum discovery_result {
 	GIT_DIR_NONE = 0,
 	GIT_DIR_EXPLICIT,
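Review bot: In `die_upon_dubious_ownership()` nothing ever writes to `report`: it is initialised with `STRBUF_INIT`, is not passed to the three-argument `ensure_valid_ownership()` call, and `strbuf_complete(&report, '\n')` leaves an empty buffer empty as far as I know, so the middle `"%s"` of the message always expands to nothing. Either drop `report`, the `strbuf_complete()` call and that placeholder (`struct strbuf quoted = STRBUF_INIT;`), or add a comment saying it is kept for parity with a variant of `ensure_valid_ownership()` that fills in a report. Separately, the suggested `safe.directory` value is `gitfile ? gitfile : gitdir`, while the comment this patch adds in cache.h says non-bare repositories need their worktree listed. If a caller ever passes a non-NULL `worktree`, the printed command may not create an exception that the check honours, so it is worth confirming against the caller added in the follow-up commit, which is not visible here.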