[PATCH STABLE] subrepo: avoid false unsafe path detection on Windows

Yuya Nishihara yuya at tcha.org
Wed Feb 6 06:54:02 EST 2019


On Tue, 05 Feb 2019 21:04:00 -0500, Matt Harbison wrote:
> # HG changeset patch
> # User Matt Harbison <matt_harbison at yahoo.com>
> # Date 1549417854 18000
> #      Tue Feb 05 20:50:54 2019 -0500
> # Branch stable
> # Node ID 0e18c6ec895542394c0ad18c380bf3bbd4ba4d9b
> # Parent  8b2892d5a9f2c06c998c977015a9ad3e3a3c9b5f
> subrepo: avoid false unsafe path detection on Windows
> 
> Subrepo paths are not normalized for the OS, so what was happening in the
> subsequent root path check was:
> 
>     root                  -> $TESTTMP\issue1852a\sub/repo
>     util.expandpath(...)  -> $TESTTMP\issue1852a\sub/repo
>     os.path.realpath(...) -> $TESTTMP\issue1852a\sub\repo

Oops, my bad.

> diff --git a/mercurial/subrepo.py b/mercurial/subrepo.py
> --- a/mercurial/subrepo.py
> +++ b/mercurial/subrepo.py
> @@ -405,7 +405,7 @@ class hgsubrepo(abstractsubrepo):
>          super(hgsubrepo, self).__init__(ctx, path)
>          self._state = state
>          r = ctx.repo()
> -        root = r.wjoin(path)
> +        root = os.path.realpath(r.wjoin(path))
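
Review bot: the `+` line `root = os.path.realpath(r.wjoin(path))` does more than the mismatch in the commit message requires. That mismatch is only the separator (`sub/repo` against `sub\repo`), while realpath() resolves the whole path, so `root` becomes the resolved form before the subsequent root path check compares it against a realpath() result. Consider converting only the separators of `path` before the join. A one-line comment would also help, saying that subrepo paths are not normalized for the OS and that this is why the conversion is needed here.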

Can we do r.wjoin(util.localpath(path)) instead? Even though symlinks and
".."s should be checked before, I want to avoid path resolution here for
extra safety.

What I'm not certain about is whether realpath() normalizes long/short names
and lower/upper case stuff. os.path.realpath() appears to call
GetFullPathName() on Windows, and I guess it wouldn't do such normalization,
but I'm not sure.

https://docs.microsoft.com/en-us/windows/desktop/api/fileapi/nf-fileapi-getfullpathnamea
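
The separator mismatch from the commit message, and how separator-only conversion differs from resolving the path before the check, as an added example that is not Mercurial's code and not part of this thread. `wjoin`, `localpath`, `resolved` and `is_flagged_unsafe` are hypothetical stand-ins, the check is modelled lexically with `ntpath` so it runs on any OS, and the second subrepo path is constructed.

```python
import ntpath  # Windows path semantics, usable on any OS

def wjoin(repo_root, subpath):
    # Stand-in for r.wjoin(): joins, but leaves the separators in subpath alone.
    return ntpath.join(repo_root, subpath)

def localpath(path):
    # Separator-only conversion ('/' -> '\'); '..' components are kept as-is.
    return path.replace('/', '\\')

def resolved(path):
    # Stand-in for the realpath() step: lexical normalization only (assumption),
    # which converts separators and also collapses '..' components.
    return ntpath.normpath(path)

def is_flagged_unsafe(root):
    # Model of the root path check: flag when root differs from its resolved form.
    return root != resolved(root)

def audit(repo_root, subpath):
    raw = wjoin(repo_root, subpath)
    converted = wjoin(repo_root, localpath(subpath))
    first = resolved(raw)
    return {
        'raw': (raw, is_flagged_unsafe(raw)),
        'localpath': (converted, is_flagged_unsafe(converted)),
        'resolve-first': (first, is_flagged_unsafe(first)),
    }

if __name__ == '__main__':
    root = r'$TESTTMP\issue1852a'          # literal placeholder from the commit message
    for sub in ('sub/repo',                # path from the commit message
                'sub/../../outside'):      # constructed path with '..' components
        print(sub)
        for name, (path, flagged) in audit(root, sub).items():
            print('  %-13s %-40s flagged=%s' % (name, path, flagged))
```

In this model a root that was resolved first always equals its resolved form, so the check can no longer flag the constructed `..` path, while the separator-only conversion clears the false positive and still flags it.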

