From 88135203af9df27c0f9c76c27bbbf48833bb31c8 Mon Sep 17 00:00:00 2001
From: Theo Niessink <theo@taletn.com>
Date: Fri, 27 May 2011 18:00:38 +0200
Subject: [PATCH 1/3] A Windows path starting with a backslash is absolute

This fixes prefix_path() not recognizing e.g. \foo\bar as an absolute path
on Windows.

Signed-off-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 cache.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cache.h b/cache.h
index 5e9675d76d..9d3d92cf9e 100644
--- a/cache.h
+++ b/cache.h
@@ -715,7 +715,7 @@ extern char *expand_user_path(const char *path);
 char *enter_repo(char *path, int strict);
 static inline int is_absolute_path(const char *path)
 {
-	return path[0] == '/' || has_dos_drive_prefix(path);
+	return is_dir_sep(path[0]) || has_dos_drive_prefix(path);
 }
 int is_directory(const char *);
 const char *make_absolute_path(const char *path);

From d1c69255a1014ccaeb9841f2114e20f048556391 Mon Sep 17 00:00:00 2001
From: Theo Niessink <theo@taletn.com>
Date: Fri, 27 May 2011 18:00:39 +0200
Subject: [PATCH 2/3] real_path: do not assume '/' is the path seperator

real_path currently assumes it's input had '/' as path seperator.
This assumption does not hold true for the code-path from
prefix_path (on Windows), where real_path can be called before
normalize_path_copy.

Fix real_path so it doesn't make this assumption. Create a helper
function to reverse-search for the last path-seperator in a string.

Signed-off-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 abspath.c         | 4 ++--
 compat/mingw.h    | 9 +++++++++
 git-compat-util.h | 4 ++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/abspath.c b/abspath.c
index ff140689ed..54899008f8 100644
--- a/abspath.c
+++ b/abspath.c
@@ -33,7 +33,7 @@ const char *make_absolute_path(const char *path)
 
 	while (depth--) {
 		if (!is_directory(buf)) {
-			char *last_slash = strrchr(buf, '/');
+			char *last_slash = find_last_dir_sep(buf);
 			if (last_slash) {
 				*last_slash = '\0';
 				last_elem = xstrdup(last_slash + 1);
@@ -58,7 +58,7 @@ const char *make_absolute_path(const char *path)
 			if (len + strlen(last_elem) + 2 > PATH_MAX)
 				die ("Too long path name: '%s/%s'",
 						buf, last_elem);
-			if (len && buf[len-1] != '/')
+			if (len && !is_dir_sep(buf[len-1]))
 				buf[len++] = '/';
 			strcpy(buf + len, last_elem);
 			free(last_elem);
diff --git a/compat/mingw.h b/compat/mingw.h
index 14211c6214..bea909d76f 100644
--- a/compat/mingw.h
+++ b/compat/mingw.h
@@ -299,6 +299,15 @@ int winansi_fprintf(FILE *stream, const char *format, ...) __attribute__((format
 
 #define has_dos_drive_prefix(path) (isalpha(*(path)) && (path)[1] == ':')
 #define is_dir_sep(c) ((c) == '/' || (c) == '\\')
+static inline char *mingw_find_last_dir_sep(const char *path)
+{
+	char *ret = NULL;
+	for (; *path; ++path)
+		if (is_dir_sep(*path))
+			ret = (char *)path;
+	return ret;
+}
+#define find_last_dir_sep mingw_find_last_dir_sep
 #define PATH_SEP ';'
 #define PRIuMAX "I64u"
 
diff --git a/git-compat-util.h b/git-compat-util.h
index 79b5122b4f..15bf3ef810 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -215,6 +215,10 @@ extern char *gitbasename(char *);
 #define is_dir_sep(c) ((c) == '/')
 #endif
 
+#ifndef find_last_dir_sep
+#define find_last_dir_sep(path) strrchr(path, '/')
+#endif
+
 #if __HP_cc >= 61000
 #define NORETURN __attribute__((noreturn))
 #define NORETURN_PTR

From 56948cb6aa8189e3b77c700119d179172e0f8c4a Mon Sep 17 00:00:00 2001
From: Erik Faye-Lund <kusmabite@gmail.com>
Date: Fri, 27 May 2011 18:00:40 +0200
Subject: [PATCH 3/3] verify_path: consider dos drive prefix

If someone manage to create a repo with a 'C:' entry in the
root-tree, files can be written outside of the working-dir. This
opens up a can-of-worms of exploits.

Fix it by explicitly checking for a dos drive prefix when verifying
a paht. While we're at it, make sure that paths beginning with '\' is
considered absolute as well.

Noticed-by: Theo Niessink <theo@taletn.com>
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 read-cache.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/read-cache.c b/read-cache.c
index 0480d9455c..31cf0b503a 100644
--- a/read-cache.c
+++ b/read-cache.c
@@ -774,11 +774,14 @@ int verify_path(const char *path)
 {
 	char c;
 
+	if (has_dos_drive_prefix(path))
+		return 0;
+
 	goto inside;
 	for (;;) {
 		if (!c)
 			return 1;
-		if (c == '/') {
+		if (is_dir_sep(c)) {
 inside:
 			c = *path++;
 			switch (c) {