Fossil

Check-in [a6abfb911b]

Overview
Comment:Do not allow the "fossil add" command to add files beneath a symlink.
SHA3-256: a6abfb911b31d8f814be147299b6c0cd9e45740b00a96f6de7e4ff64bb9ebf2c
User & Date: drh 2020-08-19 00:15:11.186
Context
2020-08-19
12:08
Improved detection of attempts to write through a symlink. Now also works for "revert", "stash", and "undo/redo". ... (check-in: f63297b2c5 user: drh tags: sec2020)
01:07
Cherrypick key fixes from the sec2020 branch in order to devise a minimal patch to get us to version 2.12.1. ... (check-in: fe1264d35d user: drh tags: sec2020-2.12-patch)
00:15
Do not allow the "fossil add" command to add files beneath a symlink. ... (check-in: a6abfb911b user: drh tags: sec2020)
2020-08-18
20:58
Silently refuse to "fossil add" files that use reserved names. ... (check-in: 888da94e0a user: drh tags: sec2020)
Changes
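--- a/src/add.c
+++ b/src/add.c
@@ -184,15 +184,17 @@
     return 0;
   }
 }
 
 /*
 ** Add all files in the sfile temp table.
 **
-** Automatically exclude the repository file.
+** Automatically exclude the repository file and any other files
+** with reserved names. Also exclude files that are beneath an 
+** existing symlink.
 */
 static int add_files_in_sfile(int vid){
   const char *zRepo;        /* Name of the repository database file */
   int nAdd = 0;             /* Number of files added */
   int i;                    /* Loop counter */
   const char *zReserved;    /* Name of a reserved file */
   Blob repoName;            /* Treename of the repository */
@@ -206,15 +208,23 @@
     zRepo = blob_str(&repoName);
   }
   if( filenames_are_case_sensitive() ){
     xCmp = fossil_strcmp;
   }else{
     xCmp = fossil_stricmp;
   }
-  db_prepare(&loop, "SELECT pathname FROM sfile ORDER BY pathname");
+  db_prepare(&loop, 
+     "SELECT pathname FROM sfile"
+     " WHERE pathname NOT IN ("
+       "SELECT sfile.pathname FROM vfile, sfile"
+       " WHERE vfile.islink"
+       "   AND NOT vfile.deleted"
+       "   AND sfile.pathname>(vfile.pathname||'/')"
+       "   AND sfile.pathname<(vfile.pathname||'0'))"
+     " ORDER BY pathname");
   while( db_step(&loop)==SQLITE_ROW ){
     const char *zToAdd = db_column_text(&loop, 0);
     if( fossil_strcmp(zToAdd, zRepo)==0 ) continue;
     if( strchr(zToAdd,'/') ){
       if( file_is_reserved_name(zToAdd, -1) ) continue;
     }else{
       for(i=0; (zReserved = fossil_reserved_name(i, 0))!=0; i++){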
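Review bot: The new `NOT IN` subquery passed to `db_prepare()` only excludes paths beneath symlinks that vfile already records (`vfile.islink AND NOT vfile.deleted`), so a symlink that exists in the working tree but is not a managed file is not covered by this filter; whether another check handles that case is not visible here. The range test also compares using whatever collation `sfile.pathname` carries rather than the `xCmp` chosen just above, so on a case-insensitive filesystem it is worth confirming against the `sfile` definition that `Link` and `link/x` are still matched. The query would read more easily with a comment such as `/* '0' is the byte after '/', so the range selects every path under "<symlink>/" */`. The body of `add_files_in_sfile` starts and ends outside the hunk.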