cvs co -d prevention

Donald Sharp Thu, 24 May 2001 09:53:48 -0700

If the user has set his CVSROOT env variable and calls cvs in this
manner:

cvs co -d <repository> <module>

The current version will happily check the module out inside of 
the repository.

I've attached a patch that fixes this problem( It's not based on
the other checkout into the repository patch I got going at this
point in time. ).  I've also included a sanity.sh modification
that shows tests this case ;)

Please let me know if you have any suggestions/comments.

Thanks!

donald

Index: ChangeLog
===================================================================
RCS file: /home2/cvsroot/ccvs/src/ChangeLog,v
retrieving revision 1.2135
diff -c -r1.2135 ChangeLog
*** ChangeLog   23 May 2001 18:03:07 -0000      1.2135
--- ChangeLog   24 May 2001 17:08:21 -0000
***************
*** 1,3 ****
--- 1,11 ----
+ 2001-05-24  Donald Sharp <[EMAIL PROTECTED]>
+ 
+     * checkout.c:  Modified safe_location() to refuse checkout if
+     the -d option to co specifies inside of the repository.
+     * import.c:  New parameter to safe_location needed to be added.
+     * cvs.h:  New parameter to safe_location needed to be added.
+     * sanity.sh:  Test case to test for failure mode.
+ 
  2001-05-23  Larry Jones  <[EMAIL PROTECTED]>
  
        * checkout.c (checkout_proc): Don't build top_level_admin directory
Index: checkout.c
===================================================================
RCS file: /home2/cvsroot/ccvs/src/checkout.c,v
retrieving revision 1.99
diff -c -r1.99 checkout.c
*** checkout.c  23 May 2001 18:03:08 -0000      1.99
--- checkout.c  24 May 2001 17:08:21 -0000
***************
*** 248,254 ****
      }
  #endif
  
!     if (!cat && !safe_location()) {
          error(1, 0, "Cannot check out files into the repository itself");
      }
  
--- 248,254 ----
      }
  #endif
  
!     if (!cat && !safe_location( where )) {
          error(1, 0, "Cannot check out files into the repository itself");
      }
  
***************
*** 379,387 ****
     reasons, probably want to move them.  */
  
  int
! safe_location ()
  {
      char *current;
      char hardpath[PATH_MAX+5];
      size_t hardpath_len;
      int  x;
--- 379,388 ----
     reasons, probably want to move them.  */
  
  int
! safe_location ( char * where )
  {
      char *current;
+     char *where_location;
      char hardpath[PATH_MAX+5];
      size_t hardpath_len;
      int  x;
***************
*** 403,411 ****
--- 404,431 ----
      {
          hardpath[x] = '\0';
      }
+ 
      current = xgetwd ();
      if (current == NULL)
        error (1, errno, "could not get working directory");
+ 
+     if( where != NULL )
+     {
+       char *temp;
+       if( chdir( where ) != -1 )
+       {
+         where_location = xgetwd();
+         if( where_location == NULL )
+               error( 1, errno, "could not get working directory" );
+ 
+           if( chdir( current ) == -1 )
+               error( 1, errno, "Could not change directory" );
+ 
+           free( current );
+           current = where_location;
+         }
+     }
+ 
      hardpath_len = strlen (hardpath);
      if (strlen (current) >= hardpath_len
        && strncmp (current, hardpath, hardpath_len) == 0)
Index: cvs.h
===================================================================
RCS file: /home2/cvsroot/ccvs/src/cvs.h,v
retrieving revision 1.221
diff -c -r1.221 cvs.h
*** cvs.h       4 May 2001 16:36:34 -0000       1.221
--- cvs.h       24 May 2001 17:08:21 -0000
***************
*** 380,386 ****
  extern cvsroot_t *current_parsed_root;
  
  extern char *emptydir_name PROTO ((void));
! extern int safe_location PROTO ((void));
  
  extern int trace;             /* Show all commands */
  extern int noexec;            /* Don't modify disk anywhere */
--- 380,386 ----
  extern cvsroot_t *current_parsed_root;
  
  extern char *emptydir_name PROTO ((void));
! extern int safe_location PROTO ((char *));
  
  extern int trace;             /* Show all commands */
  extern int noexec;            /* Don't modify disk anywhere */
Index: import.c
===================================================================
RCS file: /home2/cvsroot/ccvs/src/import.c,v
retrieving revision 1.122
diff -c -r1.122 import.c
*** import.c    6 Feb 2001 15:29:43 -0000       1.122
--- import.c    24 May 2001 17:08:21 -0000
***************
*** 278,284 ****
      }
  #endif
  
!     if (!safe_location ())
      {
        error (1, 0, "attempt to import the repository");
      }
--- 278,284 ----
      }
  #endif
  
!     if (!safe_location ( NULL ))
      {
        error (1, 0, "attempt to import the repository");
      }
Index: sanity.sh
===================================================================
RCS file: /home2/cvsroot/ccvs/src/sanity.sh,v
retrieving revision 1.694
diff -c -r1.694 sanity.sh
*** sanity.sh   30 Apr 2001 19:07:09 -0000      1.694
--- sanity.sh   24 May 2001 17:08:23 -0000
***************
*** 677,682 ****
--- 677,683 ----
        tests="${tests} modules modules2 modules3 modules4 modules5"
        tests="${tests} mkmodules-temp-file-removal"
        tests="${tests} cvsadm emptydir abspath toplevel toplevel2"
+         tests="${tests} checkout_repository"
        # Log messages, error messages.
        tests="${tests} mflag editor errmsg1 errmsg2 adderrmsg"
        # Watches, binary files, history browsing, &c.
***************
*** 11651,11656 ****
--- 11652,11662 ----
          rm -r 1
          rm -rf ${CVSROOT_DIRNAME}/top-dir ${CVSROOT_DIRNAME}/second-dir
          ;;
+ 
+         checkout_repository)
+           dotest_fail check_repository "${testcvs} co -d /tmp/cvs-sanity/cvsroot 
+CVSROOT" \
+ "${PROG} \[checkout aborted\]: Cannot check out files into the repository itself"
+           ;;
  
        mflag)
          for message in '' ' ' '

cvs co -d prevention

Reply via email to