path: also guard `.gitmodules` against NTFS Alternate Data Streams

We just safe-guarded `.git` against NTFS Alternate Data Stream-related
attack vectors, and now it is time to do the same for `.gitmodules`.

Note: In the added regression test, we refrain from verifying all kinds
of variations between short names and NTFS Alternate Data Streams: as
the new code disallows _all_ Alternate Data Streams of `.gitmodules`, it
is enough to test one in order to know that all of them are guarded
against.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

diff --git a/path.c b/path.c
index e39ecf4689e15d51fcf5b373b903cc5f461f37a1..2037e2d8c1daed5337c9311c1490341707ecc601 100644 (file)
--- a/path.c
+++ b/path.c
@@ -1369,7 +1369,7 @@ static int is_ntfs_dot_generic(const char *name,
 only_spaces_and_periods:
                for (;;) {
                        char c = name[i++];
-                       if (!c)
+                       if (!c || c == ':')
                                return 1;
                        if (c != ' ' && c != '.')
                                return 0;

diff --git a/t/t0060-path-utils.sh b/t/t0060-path-utils.sh
index 3f3357ed9fc23c93d496d2a6e29aadf59932f347..2b8589e921cefc09d18c6701c1b4db2c833c8591 100755 (executable)
--- a/t/t0060-path-utils.sh
+++ b/t/t0060-path-utils.sh
@@ -408,6 +408,9 @@ test_expect_success 'match .gitmodules' '
                ~1000000 \
                ~9999999 \
                \
+               .gitmodules:\$DATA \
+               "gitmod~4 . :\$DATA" \
+               \
                --not \
                ".gitmodules x"  \
                ".gitmodules .x" \
@@ -432,7 +435,9 @@ test_expect_success 'match .gitmodules' '
                \
                GI7EB~1 \
                GI7EB~01 \
-               GI7EB~1X
+               GI7EB~1X \
+               \
+               .gitmodules,:\$DATA
 '
 
 test_done