diff options
Diffstat (limited to 'usr/local/bin/git-wrapper')
| -rw-r--r-- | usr/local/bin/git-wrapper | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/usr/local/bin/git-wrapper b/usr/local/bin/git-wrapper index f5ca870..bf0781b 100644 --- a/usr/local/bin/git-wrapper +++ b/usr/local/bin/git-wrapper @@ -11,6 +11,11 @@ fi cmd=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d' ' -f1) path=$(echo "$SSH_ORIGINAL_COMMAND" | cut -d"'" -f2) +if [[ "$path" == *..* ]]; then + echo "Invalid path" >&2 + exit 1 +fi + case "$cmd" in # Allow only specific git commands and ensure that the repository path is correctly prefixed with /repositories if it's not an absolute path. git-upload-pack|git-receive-pack|git-upload-archive) |