From: Johannes Sixt
Date: Tue, 8 Jul 2025 19:22:00 +0000 (+0200)
Subject: Merge branch 'js/fix-open-exec-git'
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f072308447ed2aab0228d21a7ce334beeeca7e8;p=thirdparty%2Fgit.git

Merge branch 'js/fix-open-exec-git'

This addresses CVE-2025-46835, Git GUI can create and overwrite a user's files:

When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission.

* js/fix-open-exec-git:
  git-gui: sanitize 'exec' arguments: convert new 'cygpath' calls
  git-gui: do not mistake command arguments as redirection operators
  git-gui: introduce function git_redir for git calls with redirections
  git-gui: pass redirections as separate argument to git_read
  git-gui: pass redirections as separate argument to _open_stdout_stderr
  git-gui: convert git_read*, git_write to be non-variadic
  git-gui: use git_read in githook_read
  git-gui: break out a separate function git_read_nice
  git-gui: remove option --stderr from git_read
  git-gui: sanitize 'exec' arguments: background
  git-gui: sanitize 'exec' arguments: simple cases
  git-gui: treat file names beginning with "|" as relative paths
  git-gui: remove git config --list handling for git < 1.5.3
  git-gui: remove HEAD detachment implementation for git < 1.5.3
  git-gui: remove Tcl 8.4 workaround on 2>@1 redirection

Signed-off-by: Johannes Sixt
---
3f072308447ed2aab0228d21a7ce334beeeca7e8
diff --cc lib/console.tcl
index fafafb81f1,4715ce91e6..a017cfeadd
--- a/lib/console.tcl
+++ b/lib/console.tcl
@@@ -92,12 -92,11 +92,11 @@@ method _init {} method exec {cmd {after {}}} { if {[lindex $cmd 0] eq {git}} { - set fd_f [eval git_read --stderr [lrange $cmd 1 end]] + set fd_f [git_read [lrange $cmd 1 end] [list 2>@1]] } else { - lappend cmd 2>@1 - set fd_f [_open_stdout_stderr $cmd] + set fd_f [safe_open_command $cmd [list 2>@1]] } - fconfigure $fd_f
-blocking 0 -translation binary + fconfigure $fd_f -blocking 0 -translation binary -encoding [encoding system] fileevent $fd_f readable [cb _read $fd_f $after] }
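Review bot: the `exec` method in this hunk takes on a new contract that the hunk itself does not document: `$cmd` must be a plain list of argument words, and the `2>@1` redirection is now supplied out of band as the second argument to `git_read` / `safe_open_command` rather than being spliced into the word list with `lappend cmd 2>@1` or via `eval git_read --stderr`. Suggest a one-line comment above `method exec` saying that callers must not include redirection operators in `$cmd`, and a sweep of existing callers for any that still append `2>@1` or pass `--stderr` themselves, since the series removes `--stderr` from `git_read` and the non-git branch no longer appends the operator. Keeping redirections separate from argument words is the right fix for the problem named in the merge message (a repository path that begins with `|` or `>` must never be parsed by `open` as an operator), and passing `[list 2>@1]` preserves the console's merged stdout/stderr behaviour of the old `--stderr` path. The `-encoding [encoding system]` added to `fconfigure` comes in from the other parent and only affects decoding of the merged stream for display, so it does not interact with the sanitisation change.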