diff --git a/mercurial/pathutil.py b/mercurial/pathutil.py --- a/mercurial/pathutil.py +++ b/mercurial/pathutil.py @@ -46,6 +46,13 @@ class pathauditor(object): or _lowerclean(parts[0]) in ('.hg', '.hg.', '') or os.pardir in parts): raise util.Abort(_("path contains illegal component: %s") % path) + # Windows shortname aliases + for p in parts: + if "~" in p: + first, last = p.split("~", 1) + if last.isdigit() and first.upper() in ["HG", "HG8B6C"]: + raise util.Abort(_("path contains illegal component: %s") + % path) if '.hg' in _lowerclean(path): lparts = [_lowerclean(p.lower()) for p in parts] for p in '.hg', '.hg.': diff --git a/tests/test-commit.t b/tests/test-commit.t --- a/tests/test-commit.t +++ b/tests/test-commit.t @@ -474,4 +474,38 @@ verify pathauditor blocks evil filepaths abort: path contains illegal component: .h\xe2\x80\x8cg/hgrc (esc) [255] - $ cd .. + $ hg rollback -f + repository tip rolled back to revision 1 (undo commit) + $ cat > evil-commit.py < from mercurial import ui, hg, context, node + > notrc = "HG~1/hgrc" + > u = ui.ui() + > r = hg.repository(u, '.') + > def filectxfn(repo, memctx, path): + > return context.memfilectx(repo, path, '[hooks]\nupdate = echo owned') + > c = context.memctx(r, [r['tip'].node(), node.nullid], + > 'evil', [notrc], filectxfn, 0) + > r.commitctx(c) + > EOF + $ $PYTHON evil-commit.py + $ hg co --clean tip + abort: path contains illegal component: HG~1/hgrc + [255] + + $ hg rollback -f + repository tip rolled back to revision 1 (undo commit) + $ cat > evil-commit.py < from mercurial import ui, hg, context, node + > notrc = "HG8B6C~2/hgrc" + > u = ui.ui() + > r = hg.repository(u, '.') + > def filectxfn(repo, memctx, path): + > return context.memfilectx(repo, path, '[hooks]\nupdate = echo owned') + > c = context.memctx(r, [r['tip'].node(), node.nullid], + > 'evil', [notrc], filectxfn, 0) + > r.commitctx(c) + > EOF + $ $PYTHON evil-commit.py + $ hg co --clean tip + abort: path contains illegal component: HG8B6C~2/hgrc + [255]