[Bug 6027] New: Links traversal check outside repo

mercurial-bugs at mercurial-scm.org mercurial-bugs at mercurial-scm.org
Thu Nov 29 01:12:47 UTC 2018


https://bz.mercurial-scm.org/show_bug.cgi?id=6027

            Bug ID: 6027
           Summary: Links traversal check outside repo
           Product: Mercurial
           Version: 4.8
          Hardware: PC
                OS: Linux
            Status: UNCONFIRMED
          Severity: bug
          Priority: wish
         Component: Mercurial
          Assignee: bugzilla at mercurial-scm.org
          Reporter: damien-43 at gmx.fr
                CC: mercurial-devel at mercurial-scm.org

Hello

I get a error when I run a command like this

```
$ hg --traceback rebase -n -b revset -d @
starting dry-run rebase; repository will not be changed
rebasing 804:1704993a3282 "next"
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/mercurial/scmutil.py", line 166, in
callcatch
    return func()
  File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 354, in
_runcatchfunc
    return _dispatch(req)
  File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 994, in
_dispatch
    cmdpats, cmdoptions)
  File "/usr/lib/python2.7/site-packages/hgext/journal.py", line 90, in
runcommand
    return orig(lui, repo, cmd, fullargs, *args)
  File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 737, in
runcommand
    ret = _runcommand(ui, options, cmd, d)
  File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 1003, in
_runcommand
    return cmdfunc()
  File "/usr/lib/python2.7/site-packages/mercurial/dispatch.py", line 991, in
<lambda>
    d = lambda: util.checksignature(func)(ui, *args, **strcmdopt)
  File "/usr/lib/python2.7/site-packages/mercurial/util.py", line 1644, in
check
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/mercurial/util.py", line 1644, in
check
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/hgext3rd/evolve/__init__.py", line
797, in warnobserrors
    return orig(ui, repo, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/mercurial/util.py", line 1644, in
check
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/mercurial/util.py", line 1644, in
check
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/hgext/mq.py", line 3631, in mqcommand
    return orig(ui, repo, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/mercurial/util.py", line 1644, in
check
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/hgext/rebase.py", line 838, in rebase
    return _dryrunrebase(ui, repo, action, opts)
  File "/usr/lib/python2.7/site-packages/hgext/rebase.py", line 887, in
_dryrunrebase
    leaveunfinished=True)
  File "/usr/lib/python2.7/site-packages/hgext/rebase.py", line 983, in
_origrebase
    rbsrt._performrebase(tr)
  File "/usr/lib/python2.7/site-packages/hgext/rebase.py", line 458, in
_performrebase
    self._rebasenode(tr, rev, allowdivergence, progress)
  File "/usr/lib/python2.7/site-packages/hgext/rebase.py", line 549, in
_rebasenode
    dest, wctx=self.wctx)
  File "/usr/lib/python2.7/site-packages/hgext/rebase.py", line 1205, in
rebasenode
    labels=['dest', 'source'], wc=wctx)
  File "/usr/lib/python2.7/site-packages/mercurial/merge.py", line 2178, in
update
    stats = applyupdates(repo, actions, wc, p2, overwrite, labels=labels)
  File "/usr/lib/python2.7/site-packages/mercurial/merge.py", line 1646, in
applyupdates
    for i, item in prog:
  File "/usr/lib/python2.7/site-packages/mercurial/merge.py", line 1510, in
batchget
    atomictemp=atomictemp)
  File "/usr/lib/python2.7/site-packages/mercurial/context.py", line 2054, in
write
    return self._parent.write(self._path, data, flags, **kwargs)
  File "/usr/lib/python2.7/site-packages/mercurial/context.py", line 1866, in
write
    self._auditconflicts(path)
  File "/usr/lib/python2.7/site-packages/mercurial/context.py", line 1847, in
_auditconflicts
    match = matchmod.match('/', '', [path + '/'], default=b'relpath')
  File "/usr/lib/python2.7/site-packages/mercurial/match.py", line 176, in
match
    kindpats = normalize(patterns, default, root, cwd, auditor, warn)
  File "/usr/lib/python2.7/site-packages/mercurial/match.py", line 223, in
_donormalize
    pat = pathutil.canonpath(root, cwd, pat, auditor)
  File "/usr/lib/python2.7/site-packages/mercurial/pathutil.py", line 192, in
canonpath
    auditor(name)
  File "/usr/lib/python2.7/site-packages/mercurial/pathutil.py", line 101, in
__call__
    self._checkfs(prefix, path)
  File "/usr/lib/python2.7/site-packages/mercurial/pathutil.py", line 124, in
_checkfs
    raise error.Abort(msg)
Abort: path 'lib/IPC/_/Context.pm' traverses symbolic link 'lib'
abandon : path 'lib/IPC/_/Context.pm' traverses symbolic link 'lib'
```

After some investigation, the problem start here.

## .../mercurial/context.py(1847)_auditconflicts()
        # Test the other direction -- that this path from p2 isn't a directory
        # in p1 (test that p1 doesn't any paths matching `path/*`).
        match = matchmod.match('/', '', [path + '/'], default=b'relpath')

Which create a matcher from the root directory and then stat("/" + "lib") to
check for symlink which
is true on my system.

Unfortunately, I can't find a reproducible way to trigger that.

A simple snippets to get the crash from match.match():
```
#!sh

[[ -e /fromroot ]] && exit 1 # no damage... please find a no existing path

su -c 'ln -s some/not/useful/path/ /fromroot'

python2 <<PY
from mercurial.match import match
match('/', '', ['fromroot/a/b/'], default=b'relpath')
PY

su -c 'rm /fromroot'
```

Regards,
Damien

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the Mercurial-devel mailing list