author | Simon McVittie <smcv@debian.org> | 2016-12-19 13:48:56 +0000 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2016-12-19 18:21:07 +0000 |
commit | 9cada49ed6ad24556dbe9861ad5b0a9f526167f9 (patch) | |
tree | d648d0640f79a03d954c9b43a8831a38e4bb5776 /IkiWiki | |
parent | 7244b712c1e9ce7c34748f9415cec79ce554c554 (diff) | |

Tell `git revert` not to follow renames

Otherwise, we have an authorization bypass vulnerability: rcs_preprevert
looks at what changed in the commit we are reverting, not at what would
result from reverting it now. In particular, if some files were renamed
since the commit we are reverting, a revert of changes that were within
the designated subdirectory and allowed by check_canchange() might now
affect files that are outside the designated subdirectory or disallowed
by check_canchange().

Signed-off-by: Simon McVittie <smcv@debian.org>

Diffstat (limited to 'IkiWiki')
-rw-r--r-- | IkiWiki/Plugin/git.pm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm index 249338d4d..7511f09cb 100644 --- a/IkiWiki/Plugin/git.pm +++ b/IkiWiki/Plugin/git.pm @@ -973,7 +973,9 @@ sub rcs_revert ($) { ensure_committer(); - if (run_or_non('git', 'revert', '--no-commit', $sha1)) { + if (run_or_non('git', 'revert', '--strategy=recursive', + '--strategy-option=no-renames', + '--no-commit', $sha1)) { return undef; } else { |
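
Review bot: There is no comment at the `git revert` call in rcs_revert explaining why `--strategy=recursive` and `--strategy-option=no-renames` are required, so the security reason lives only in the commit message and a later cleanup could drop the options as redundant. Add a short comment above the `run_or_non('git', 'revert', ...)` line stating that rename detection must stay off because rcs_preprevert authorizes the paths changed by the original commit, not the paths the revert would touch now. Since the revert runs with `--no-commit`, consider a follow-up that checks the resulting staged paths against check_canchange() before committing, so that authorization no longer depends on how the merge strategy behaves.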