This addresses CVE-2025-46835, Git GUI can create and overwrite a
user's files:
When a user clones an untrusted repository and is tricked into editing
a file located in a maliciously named directory in the repository, then
Git GUI can create and overwrite files for which the user has write
permission.
* js/fix-open-exec-git:
git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
git-gui: do not mistake command arguments as redirection operators
git-gui: introduce function git_redir for git calls with redirections
git-gui: pass redirections as separate argument to git_read
git-gui: pass redirections as separate argument to _open_stdout_stderr
git-gui: convert git_read*, git_write to be non-variadic
git-gui: use git_read in githook_read
git-gui: break out a separate function git_read_nice
git-gui: remove option --stderr from git_read
git-gui: sanitize 'exec' arguments: background
git-gui: sanitize 'exec' arguments: simple cases
git-gui: treat file names beginning with "|" as relative paths
git-gui: remove git config --list handling for git < 1.5.3
git-gui: remove HEAD detachment implementation for git < 1.5.3
git-gui: remove Tcl 8.4 workaround on 2>@1 redirection
Signed-off-by: Johannes Sixt <j6t@kdbg.org>
method exec {cmd {after {}}} {
if {[lindex $cmd 0] eq {git}} {
- set fd_f [eval git_read --stderr [lrange $cmd 1 end]]
+ set fd_f [git_read [lrange $cmd 1 end] [list 2>@1]]
} else {
- lappend cmd 2>@1
- set fd_f [_open_stdout_stderr $cmd]
+ set fd_f [safe_open_command $cmd [list 2>@1]]
}
- fconfigure $fd_f -blocking 0 -translation binary
+ fconfigure $fd_f -blocking 0 -translation binary -encoding [encoding system]
fileevent $fd_f readable [cb _read $fd_f $after]
}
projects / thirdparty / git.git / commitdiff
