]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commitdiff
Tell `git revert` not to follow renames (CVE-2016-10026)
authorSimon McVittie <smcv@debian.org>
Mon, 19 Dec 2016 13:48:56 +0000 (13:48 +0000)
committerSimon McVittie <smcv@debian.org>
Fri, 23 Dec 2016 18:44:37 +0000 (18:44 +0000)
Otherwise, we have an authorization bypass vulnerability: rcs_preprevert
looks at what changed in the commit we are reverting, not at what would
result from reverting it now. In particular, if some files were renamed
since the commit we are reverting, a revert of changes that were within
the designated subdirectory and allowed by check_canchange() might now
affect files that are outside the designated subdirectory or disallowed
by check_canchange().

Signed-off-by: Simon McVittie <smcv@debian.org>
IkiWiki/Plugin/git.pm

index 75b89e476bbb4bf1da262385a8e390994489f0e9..641e397eb1a41e06d303909e6b8437070df0e23f 100644 (file)
@@ -944,7 +944,9 @@ sub rcs_revert ($) {
        my $rev = shift;
        my ($sha1) = $rev =~ /^($sha1_pattern)$/; # untaint
 
        my $rev = shift;
        my ($sha1) = $rev =~ /^($sha1_pattern)$/; # untaint
 
-       if (run_or_non('git', 'revert', '--no-commit', $sha1)) {
+       if (run_or_non('git', 'revert', '--strategy=recursive',
+                       '--strategy-option=no-renames',
+                       '--no-commit', $sha1)) {
                return undef;
        }
        else {
                return undef;
        }
        else {