codeclimate
diff --git a/‎src/path.c‎
Lines changed: 93 additions & 0 deletions b/‎src/path.c‎
Lines changed: 93 additions & 0 deletions
diff --git a/‎src/path.h‎
Lines changed: 5 additions & 0 deletions b/‎src/path.h‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎tests/checkout/nasty.c‎
Lines changed: 42 additions & 0 deletions b/‎tests/checkout/nasty.c‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎tests/path/core.c‎
Lines changed: 30 additions & 1 deletion b/‎tests/path/core.c‎
Lines changed: 30 additions & 1 deletion
diff --git a/‎tests/resources/nasty/.gitted/objects/04/fab819d8388295cbe3496310e4e53ef8f4a115‎
49 Bytes b/‎tests/resources/nasty/.gitted/objects/04/fab819d8388295cbe3496310e4e53ef8f4a115‎
49 Bytes
diff --git a/‎tests/resources/nasty/.gitted/objects/0b/8206dd72a3b3b932fb562f92d29199b9398390‎
50 Bytes b/‎tests/resources/nasty/.gitted/objects/0b/8206dd72a3b3b932fb562f92d29199b9398390‎
50 Bytes
diff --git a/‎tests/resources/nasty/.gitted/objects/10/cb44a89d1a9e8bf74de3f11a2a61ee833f13b1‎
50 Bytes b/‎tests/resources/nasty/.gitted/objects/10/cb44a89d1a9e8bf74de3f11a2a61ee833f13b1‎
50 Bytes
diff --git a/‎tests/resources/nasty/.gitted/objects/11/9f6cd3535de0e2a15654947a7b1a5affbf1406‎
50 Bytes b/‎tests/resources/nasty/.gitted/objects/11/9f6cd3535de0e2a15654947a7b1a5affbf1406‎
50 Bytes
diff --git a/‎tests/resources/nasty/.gitted/objects/15/f7d9f9514eeb65b9588c49b10b1da145a729a2‎
Lines changed: 2 additions & 0 deletions b/‎tests/resources/nasty/.gitted/objects/15/f7d9f9514eeb65b9588c49b10b1da145a729a2‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎tests/resources/nasty/.gitted/objects/16/35c47d80914f0abfa43dd4234a948db5bdb107‎
Lines changed: 2 additions & 0 deletions b/‎tests/resources/nasty/.gitted/objects/16/35c47d80914f0abfa43dd4234a948db5bdb107‎
Lines changed: 2 additions & 0 deletions
@@ -1282,6 +1282,95 @@ GIT_INLINE(bool) verify_dospath(
 		component[last] != ':');
 }
 
+GIT_INLINE(bool) verify_dotgit_hfs(const char *component, size_t len)
+{
+	const unsigned char *c;
+	int git = 0, ign = 0;
+	unsigned char one, two;
+
+	while (len) {
+		switch (*(c = (const unsigned char *)component++)) {
+		case '.':
+			if (ign || git++ != 0)
+				return true;
+			break;
+		case 'g':
+		case 'G':
+			if (ign || git++ != 1)
+				return true;
+			break;
+		case 'i':
+		case 'I':
+			if (ign || git++ != 2)
+				return true;
+			break;
+		case 't':
+		case 'T':
+			if (ign || git++ != 3)
+				return true;
+			break;
+
+		case 0xe2:
+		case 0xef:
+			if (ign++ != 0)
+				return true;
+			one = *c;
+			break;
+
+		case 0x80:
+		case 0x81:
+			if (ign++ != 1 || one != 0xe2)
+				return true;
+			two = *c;
+			break;
+
+		case 0xbb:
+			if (ign++ != 1 || one != 0xef)
+				return true;
+			two = *c;
+			break;
+
+		case 0x8c:
+		case 0x8d:
+		case 0x8e:
+		case 0x8f:
+			if (ign != 2 || two != 0x80)
+				return true;
+			ign = 0;
+			break;
+
+		case 0xaa:
+		case 0xab:
+		case 0xac:
+		case 0xad:
+		case 0xae:
+			if (ign != 2 || (two != 0x80 && two != 0x81))
+				return true;
+			ign = 0;
+			break;
+
+		case 0xaf:
+			if (ign != 2 || two != 0x81)
+				return true;
+			ign = 0;
+			break;
+
+		case 0xbf:
+			if (ign != 2 || two != 0xbb)
+				return true;
+			ign = 0;
+			break;
+
+		default:
+			return true;
+		}
+
+		len--;
+	}
+
+	return (ign || git != 4);
+}
+
 GIT_INLINE(bool) verify_char(unsigned char c, unsigned int flags)
 {
 	if ((flags & GIT_PATH_REJECT_BACKSLASH) && c == '\\')
@@ -1362,6 +1451,10 @@ static bool verify_component(
 			return false;
 	}
 
+	if (flags & GIT_PATH_REJECT_DOT_GIT_HFS &&
+		!verify_dotgit_hfs(component, len))
+		return false;
+
 	return true;
 }
 
 
@@ -472,6 +472,7 @@ extern int git_path_from_url_or_path(git_buf *local_path_out, const char *url_or
 #define GIT_PATH_REJECT_DOS_GIT_SHORTNAME  (1 << 6)
 #define GIT_PATH_REJECT_DOS_PATHS          (1 << 7)
 #define GIT_PATH_REJECT_NT_CHARS           (1 << 8)
+#define GIT_PATH_REJECT_DOT_GIT_HFS        (1 << 9)
 
 #ifdef GIT_WIN32
 # define GIT_PATH_REJECT_DEFAULTS \
@@ -483,6 +484,10 @@ extern int git_path_from_url_or_path(git_buf *local_path_out, const char *url_or
 	GIT_PATH_REJECT_DOS_GIT_SHORTNAME | \
 	GIT_PATH_REJECT_DOS_PATHS | \
 	GIT_PATH_REJECT_NT_CHARS
+#elif __APPLE__
+# define GIT_PATH_REJECT_DEFAULTS \
+	GIT_PATH_REJECT_TRAVERSAL | \
+	GIT_PATH_REJECT_DOT_GIT_HFS
 #else
 # define GIT_PATH_REJECT_DEFAULTS GIT_PATH_REJECT_TRAVERSAL
 #endif
 
@@ -249,3 +249,45 @@ void test_checkout_nasty__dot_git_colon_stuff(void)
 #endif
 }
 
+/* Trees that contains entries with a tree ".git" that contain
+ * byte sequences:
+ * { 0xe2, 0x80, 0x8c }
+ * { 0xe2, 0x80, 0x8d }
+ * { 0xe2, 0x80, 0x8e }
+ * { 0xe2, 0x80, 0x8f }
+ * { 0xe2, 0x80, 0xaa }
+ * { 0xe2, 0x80, 0xab }
+ * { 0xe2, 0x80, 0xac }
+ * { 0xe2, 0x80, 0xad }
+ * { 0xe2, 0x81, 0xae }
+ * { 0xe2, 0x81, 0xaa }
+ * { 0xe2, 0x81, 0xab }
+ * { 0xe2, 0x81, 0xac }
+ * { 0xe2, 0x81, 0xad }
+ * { 0xe2, 0x81, 0xae }
+ * { 0xe2, 0x81, 0xaf }
+ * { 0xef, 0xbb, 0xbf }
+ * Because these map to characters that HFS filesystems "ignore".  Thus
+ * ".git<U+200C>" will map to ".git".
+ */
+void test_checkout_nasty__dot_git_hfs_ignorable(void)
+{
+#ifdef __APPLE__
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_1", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_2", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_3", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_4", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_5", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_6", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_7", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_8", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_9", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_10", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_11", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_12", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_13", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_14", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_15", ".git/foobar");
+	test_checkout_fails("refs/heads/dotgit_hfs_ignorable_16", ".git/foobar");
+#endif
+}
@@ -223,7 +223,7 @@ void test_path_core__isvalid_dos_paths_withnum(void)
 	cl_assert_equal_b(true, git_path_isvalid(NULL, "com1\\foo", GIT_PATH_REJECT_DOS_PATHS));
 }
 
-void test_core_path__isvalid_nt_chars(void)
+void test_path_core__isvalid_nt_chars(void)
 {
 	cl_assert_equal_b(true, git_path_isvalid(NULL, "asdf\001foo", 0));
 	cl_assert_equal_b(true, git_path_isvalid(NULL, "asdf\037bar", 0));
@@ -245,3 +245,32 @@ void test_core_path__isvalid_nt_chars(void)
 	cl_assert_equal_b(false, git_path_isvalid(NULL, "asdf?bar", GIT_PATH_REJECT_NT_CHARS));
 	cl_assert_equal_b(false, git_path_isvalid(NULL, "asdf*bar", GIT_PATH_REJECT_NT_CHARS));
 }
+
+void test_path_core__isvalid_dotgit_with_hfs_ignorables(void)
+{
+	cl_assert_equal_b(false, git_path_isvalid(NULL, ".git", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, ".git\xe2\x80\x8c", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, ".gi\xe2\x80\x8dT", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, ".g\xe2\x80\x8eIt", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, ".\xe2\x80\x8fgIt", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, "\xe2\x80\xaa.gIt", GIT_PATH_REJECT_DOT_GIT_HFS));
+
+	cl_assert_equal_b(false, git_path_isvalid(NULL, "\xe2\x80\xab.\xe2\x80\xacG\xe2\x80\xadI\xe2\x80\xaet", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, "\xe2\x81\xab.\xe2\x80\xaaG\xe2\x81\xabI\xe2\x80\xact", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(false, git_path_isvalid(NULL, "\xe2\x81\xad.\xe2\x80\xaeG\xef\xbb\xbfIT", GIT_PATH_REJECT_DOT_GIT_HFS));
+
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".g", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".gi", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, " .git", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, "..git\xe2\x80\x8c", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".gi\xe2\x80\x8dT.", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".g\xe2\x80It", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".\xe2gIt", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, "\xe2\x80\xaa.gi", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".gi\x80\x8dT", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".gi\x8dT", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".g\xe2i\x80T\x8e", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".git\xe2\x80\xbf", GIT_PATH_REJECT_DOT_GIT_HFS));
+	cl_assert_equal_b(true, git_path_isvalid(NULL, ".git\xe2\xab\x81", GIT_PATH_REJECT_DOT_GIT_HFS));
+}
@@ -0,0 +1,2 @@
+x��1�0E�s
+�H(iں�bae�&q��(5Bܞp������Ժ*�`wژ�ѓ3���C��1�epB�>����H�KzSKp+R7y�����s]c�M������ӌK���.{W��s�M?P)�|?�
 
@@ -0,0 +1,2 @@
+x��=!��9��&����[+/��gc����k��W|/Q��
+������gD���d?*k���R�ҋ��+5��wl+�NO8㠿u�[jԩ�)Q������>�Q���/��q��?Pc�=����?q
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+x��1�0E�s`
	`2`	+�H(iں�bae�&q��(5Bܞp��Ժ*�`wژ�ѓ3��C��1�epB�>��H�KzSKp+R7y��s]c�M��ӌK��.{W��s�M?P)�\|?�
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+x��=!��9��&��[+/��gc��k��W\|/Q��`
	`2`	`+��gD��d?*k��R�ҋ��+5��wl+�NO8㠿u�[jԩ�)Q��>�Q��/��q��?Pc�=��?q`