Mercurial > hg
view tests/test-issue1438.t @ 29051:a56296f55a5e stable 3.8.1
convert: pass absolute paths to git (SEC)
Fixes CVE-2016-3105 (1/1).
Previously, it was possible for the repository path passed to git-ls-remote
to be misinterpreted as a URL.
Always passing an absolute path to git is a simple way to avoid this.
author | Blake Burkhart <bburky@bburky.com> |
---|---|
date | Wed, 06 Apr 2016 22:57:46 -0500 |
parents | 2fc86d92c4a9 |
children | 55c6ebd11cb9 |
line wrap: on
line source
#require symlink https://bz.mercurial-scm.org/1438 $ hg init $ ln -s foo link $ hg add link $ hg ci -mbad link $ hg rm link $ hg ci -mok $ hg diff -g -r 0:1 > bad.patch $ hg up 0 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ hg import --no-commit bad.patch applying bad.patch $ hg status R link ? bad.patch