# HG changeset patch # User Matt Mackall # Date 1230768035 21600 # Node ID 016a7319e76ba15474a89199657c5aa39bd3b339 # Parent dc211ad8d681555c169e70f4ef9f7cccb32a2d6a# Parent f03562400824201da94fa939a645646c07cbfef7 Merge with -stable
diff -r dc211ad8d681 -r 016a7319e76b .hgsigs
--- a/.hgsigs Wed Dec 31 17:59:58 2008 -0600
+++ b/.hgsigs Wed Dec 31 18:00:35 2008 -0600
@@ -9,3 +9,4 @@
 d2375bbee6d47e62ba8e415c86e83a465dc4dce9 0 iD8DBQBIo1wpywK+sNU5EO8RAmRNAJ94x3OFt6blbqu/yBoypm/AJ44fuACfUaldXcV5z9tht97hSp22DVTEPGc=
 2a67430f92f15ea5159c26b09ec4839a0c549a26 0 iEYEABECAAYFAkk1hykACgkQywK+sNU5EO85QACeNJNUanjc2tl4wUoPHNuv+lSj0ZMAoIm93wSTc/feyYnO2YCaQ1iyd9Nu
 3773e510d433969e277b1863c317b674cbee2065 0 iEYEABECAAYFAklNbbAACgkQywK+sNU5EO8o+gCfeb2/lfIJZMvyDA1m+G1CsBAxfFsAoIa6iAMG8SBY7hW1Q85Yf/LXEvaE
+11a4eb81fb4f4742451591489e2797dc47903277 0 iEYEABECAAYFAklcAnsACgkQywK+sNU5EO+uXwCbBVHNNsLy1g7BlAyQJwadYVyHOXoAoKvtAVO71+bv7EbVoukwTzT+P4Sx
diff -r dc211ad8d681 -r 016a7319e76b .hgtags
--- a/.hgtags Wed Dec 31 17:59:58 2008 -0600
+++ b/.hgtags Wed Dec 31 18:00:35 2008 -0600
@@ -21,3 +21,4 @@
 d2375bbee6d47e62ba8e415c86e83a465dc4dce9 1.0.2
 2a67430f92f15ea5159c26b09ec4839a0c549a26 1.1
 3773e510d433969e277b1863c317b674cbee2065 1.1.1
+11a4eb81fb4f4742451591489e2797dc47903277 1.1.2
diff -r dc211ad8d681 -r 016a7319e76b mercurial/util.py
--- a/mercurial/util.py Wed Dec 31 17:59:58 2008 -0600
+++ b/mercurial/util.py Wed Dec 31 18:00:35 2008 -0600
@@ -814,9 +814,15 @@
 return
 normpath = os.path.normcase(path)
 parts = splitpath(normpath)
- if (os.path.splitdrive(path)[0] or parts[0] in ('.hg', '')
+ if (os.path.splitdrive(path)[0] or parts[0] in ('.hg', '.hg.', '')
 or os.pardir in parts):
 raise Abort(_("path contains illegal component: %s") % path)
+ if '.hg' in path:
+ for p in '.hg', '.hg.':
+ if p in parts[1:-1]:
+ pos = parts.index(p)
+ base = os.path.join(*parts[:pos])
+ raise Abort(_('path %r is inside repo %r') % (path, base))
 def check(prefix):
 curpath = os.path.join(self.root, prefix)
 try:
diff -r dc211ad8d681 -r 016a7319e76b tests/tampered.hg
Binary file tests/tampered.hg has changed
diff -r dc211ad8d681 -r 016a7319e76b tests/test-audit-path
--- a/tests/test-audit-path Wed Dec 31 17:59:58 2008 -0600
+++ b/tests/test-audit-path Wed Dec 31 18:00:35 2008 -0600
@@ -20,4 +20,25 @@
 echo % should still fail - maybe
 hg add b/b
+echo % unbundle tampered bundle
+hg init target
+cd target
+hg unbundle $TESTDIR/tampered.hg
+
+echo % attack .hg/test
+hg manifest -r0
+hg update -Cr0
+
+echo % attack foo/.hg/test
+hg manifest -r1
+hg update -Cr1
+
+echo % attack back/test where back symlinks to ..
+hg manifest -r2
+hg update -Cr2
+
+echo % attack ../test
+hg manifest -r3
+hg update -Cr3
+
 exit 0
diff -r dc211ad8d681 -r 016a7319e76b tests/test-audit-path.out
--- a/tests/test-audit-path.out Wed Dec 31 17:59:58 2008 -0600
+++ b/tests/test-audit-path.out Wed Dec 31 18:00:35 2008 -0600
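Review bot: The new guard `if '.hg' in path:` tests the raw `path`, but `parts` is split from `normpath = os.path.normcase(path)`, so wherever normcase folds case the nested-repository check under it can be skipped for a spelling such as `foo/.HG/x` even though `parts` would then contain `.hg`. Testing the normalised string keeps the fast path and the loop in agreement: `if '.hg' in normpath:`. The tuple `'.hg', '.hg.'` also needs a one-line comment, for example `# '.hg.' is rejected too, presumably because some filesystems drop the trailing dot and resolve it to '.hg'`, and `parts[1:-1]` exempts a final component named `.hg`, which should be stated if it is intended. The enclosing function starts above this hunk and continues past it.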
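Review bot: None of the added cases uses the `.hg.` spelling that the mercurial/util.py hunk of this changeset starts rejecting, so that part of the change has no regression test; the four revisions cover only `.hg/test`, `foo/.hg/test`, the symlinked `back/test` and `../test`. One more revision in the fixture whose manifest goes through `.hg.`, as first component and nested, would pin both new branches. The cases come from the binary tests/tampered.hg, which cannot be read in review, so a comment above `hg unbundle $TESTDIR/tampered.hg` should record its contents, for example `# tampered.hg: r0 .hg/test, r1 foo/.hg/test, r2 back (symlink to ..) + back/test, r3 ../test`. The test compares only the abort messages; whether any file was written before the abort is not checked.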
@@ -6,3 +6,22 @@
 % should succeed
 % should still fail - maybe
 abort: path 'b/b' traverses symbolic link 'b'
+% unbundle tampered bundle
+adding changesets
+adding manifests
+adding file changes
+added 4 changesets with 5 changes to 5 files (+3 heads)
+(run 'hg heads' to see heads, 'hg merge' to merge)
+% attack .hg/test
+.hg/test
+abort: path contains illegal component: .hg/test
+% attack foo/.hg/test
+foo/.hg/test
+abort: path 'foo/.hg/test' is inside repo 'foo'
+% attack back/test where back symlinks to ..
+back
+back/test
+abort: path 'back/test' traverses symbolic link 'back'
+% attack ../test
+../test
+abort: path contains illegal component: ../test