Mercurial > hg-stable
changeset 7559:016a7319e76b
Merge with -stable
author | Matt Mackall <mpm@selenic.com> |
---|---|
date | Wed, 31 Dec 2008 18:00:35 -0600 |
parents | dc211ad8d681 (current diff) f03562400824 (diff) |
children | e05aa73ce2b7 |
files | mercurial/util.py |
diffstat | 6 files changed, 49 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/.hgsigs Wed Dec 31 17:59:58 2008 -0600 +++ b/.hgsigs Wed Dec 31 18:00:35 2008 -0600 @@ -9,3 +9,4 @@ d2375bbee6d47e62ba8e415c86e83a465dc4dce9 0 iD8DBQBIo1wpywK+sNU5EO8RAmRNAJ94x3OFt6blbqu/yBoypm/AJ44fuACfUaldXcV5z9tht97hSp22DVTEPGc= 2a67430f92f15ea5159c26b09ec4839a0c549a26 0 iEYEABECAAYFAkk1hykACgkQywK+sNU5EO85QACeNJNUanjc2tl4wUoPHNuv+lSj0ZMAoIm93wSTc/feyYnO2YCaQ1iyd9Nu 3773e510d433969e277b1863c317b674cbee2065 0 iEYEABECAAYFAklNbbAACgkQywK+sNU5EO8o+gCfeb2/lfIJZMvyDA1m+G1CsBAxfFsAoIa6iAMG8SBY7hW1Q85Yf/LXEvaE +11a4eb81fb4f4742451591489e2797dc47903277 0 iEYEABECAAYFAklcAnsACgkQywK+sNU5EO+uXwCbBVHNNsLy1g7BlAyQJwadYVyHOXoAoKvtAVO71+bv7EbVoukwTzT+P4Sx
--- a/.hgtags Wed Dec 31 17:59:58 2008 -0600 +++ b/.hgtags Wed Dec 31 18:00:35 2008 -0600 @@ -21,3 +21,4 @@ d2375bbee6d47e62ba8e415c86e83a465dc4dce9 1.0.2 2a67430f92f15ea5159c26b09ec4839a0c549a26 1.1 3773e510d433969e277b1863c317b674cbee2065 1.1.1 +11a4eb81fb4f4742451591489e2797dc47903277 1.1.2
--- a/mercurial/util.py Wed Dec 31 17:59:58 2008 -0600 +++ b/mercurial/util.py Wed Dec 31 18:00:35 2008 -0600 @@ -814,9 +814,15 @@ return normpath = os.path.normcase(path) parts = splitpath(normpath) - if (os.path.splitdrive(path)[0] or parts[0] in ('.hg', '') + if (os.path.splitdrive(path)[0] or parts[0] in ('.hg', '.hg.', '') or os.pardir in parts): raise Abort(_("path contains illegal component: %s") % path) + if '.hg' in path: + for p in '.hg', '.hg.': + if p in parts[1:-1]: + pos = parts.index(p) + base = os.path.join(*parts[:pos]) + raise Abort(_('path %r is inside repo %r') % (path, base)) def check(prefix): curpath = os.path.join(self.root, prefix) try:
--- a/tests/test-audit-path Wed Dec 31 17:59:58 2008 -0600 +++ b/tests/test-audit-path Wed Dec 31 18:00:35 2008 -0600 @@ -20,4 +20,25 @@ echo % should still fail - maybe hg add b/b +echo % unbundle tampered bundle +hg init target +cd target +hg unbundle $TESTDIR/tampered.hg + +echo % attack .hg/test +hg manifest -r0 +hg update -Cr0 + +echo % attack foo/.hg/test +hg manifest -r1 +hg update -Cr1 + +echo % attack back/test where back symlinks to .. +hg manifest -r2 +hg update -Cr2 + +echo % attack ../test +hg manifest -r3 +hg update -Cr3 + exit 0
--- a/tests/test-audit-path.out Wed Dec 31 17:59:58 2008 -0600 +++ b/tests/test-audit-path.out Wed Dec 31 18:00:35 2008 -0600 @@ -6,3 +6,22 @@ % should succeed % should still fail - maybe abort: path 'b/b' traverses symbolic link 'b' +% unbundle tampered bundle +adding changesets +adding manifests +adding file changes +added 4 changesets with 5 changes to 5 files (+3 heads) +(run 'hg heads' to see heads, 'hg merge' to merge) +% attack .hg/test +.hg/test +abort: path contains illegal component: .hg/test +% attack foo/.hg/test +foo/.hg/test +abort: path 'foo/.hg/test' is inside repo 'foo' +% attack back/test where back symlinks to .. +back +back/test +abort: path 'back/test' traverses symbolic link 'back' +% attack ../test +../test +abort: path contains illegal component: ../test