mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

credential-cache--daemon: disallow relative socket path

Browse Source 
Relative socket paths are dangerous since the user cannot generally
control when the daemon starts (initially, after a timeout, kill or
crash). Since the daemon creates but does not delete the socket
directory, this could lead to spurious directory creation relative
to the users cwd.

Suggested-by: Jeff King <peff@peff.net>
Signed-off-by: Jon Griffiths <jon_p_griffiths@yahoo.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jon Griffiths
2016-02-23 02:15:41 -05:00
committed by Junio C Hamano
parent a6e5e2864f
commit bd93b8d9be
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
credential-cache--daemon.c
View File

@ -262,6 +262,9 @@ int main(int argc, const char **argv)
if (!socket_path)
usage_with_options(usage, options);
if (!is_absolute_path(socket_path))
die("socket directory must be an absolute path");
init_socket_directory(socket_path);
register_tempfile(&socket_file, socket_path);