Merge pull request #2093 from ltrzesniewski/owner-validation

Make owner validation configurable
libgit2 · Nov 26, 2024 · b8f974f · b8f974f
2 parents 5fd810d + d623e3e
commit b8f974f
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 0 deletions.
diff --git a/LibGit2Sharp.Tests/GlobalSettingsFixture.cs b/LibGit2Sharp.Tests/GlobalSettingsFixture.cs
@@ -102,5 +102,20 @@ public void SetExtensions()
             extensions = GlobalSettings.GetExtensions();
             Assert.Equal(new[] { "newext", "noop", "objectformat", "partialclone", "worktreeconfig" }, extensions);
         }
+
+        [Fact]
+        public void OwnerValidation()
+        {
+            // Assert that owner validation is enabled by default
+            Assert.True(GlobalSettings.GetOwnerValidation());
+
+            // Disable owner validation
+            GlobalSettings.SetOwnerValidation(false);
+            Assert.False(GlobalSettings.GetOwnerValidation());
+
+            // Enable it again
+            GlobalSettings.SetOwnerValidation(true);
+            Assert.True(GlobalSettings.GetOwnerValidation());
+        }
     }
 }
diff --git a/LibGit2Sharp/Core/NativeMethods.cs b/LibGit2Sharp/Core/NativeMethods.cs
@@ -1,6 +1,8 @@
 using System;
 using System.IO;
+#if NET
 using System.Reflection;
+#endif
 using System.Runtime.CompilerServices;
 using System.Runtime.ConstrainedExecution;
 using System.Runtime.InteropServices;
@@ -743,6 +745,7 @@ internal static extern int git_libgit2_opts(int option, uint level,
             [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string path);
 
         // git_libgit2_opts(GIT_OPT_ENABLE_*, int enabled)
+        // git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, int enabled)
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
         internal static extern int git_libgit2_opts(int option, int enabled);
 
@@ -762,6 +765,10 @@ internal static extern int git_libgit2_opts(int option,
         // git_libgit2_opts(GIT_OPT_GET_EXTENSIONS, git_strarray *out)
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
         internal static extern int git_libgit2_opts(int option, out GitStrArray extensions);
+
+        // git_libgit2_opts(GIT_OPT_GET_OWNER_VALIDATION, int *enabled)
+        [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]
+        internal static extern unsafe int git_libgit2_opts(int option, int* enabled);
         #endregion
 
         #region git_libgit2_opts_osxarm64
@@ -779,6 +786,7 @@ internal static extern int git_libgit2_opts_osxarm64(int option, IntPtr nop2, In
             [MarshalAs(UnmanagedType.CustomMarshaler, MarshalCookie = UniqueId.UniqueIdentifier, MarshalTypeRef = typeof(StrictUtf8Marshaler))] string path);
 
         // git_libgit2_opts(GIT_OPT_ENABLE_*, int enabled)
+        // git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, int enabled)
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl, EntryPoint = "git_libgit2_opts")]
         internal static extern int git_libgit2_opts_osxarm64(int option, IntPtr nop2, IntPtr nop3, IntPtr nop4, IntPtr nop5, IntPtr nop6, IntPtr nop7, IntPtr nop8, int enabled);
 
@@ -798,6 +806,10 @@ internal static extern int git_libgit2_opts_osxarm64(int option, IntPtr nop2, In
         // git_libgit2_opts(GIT_OPT_GET_EXTENSIONS, git_strarray *out)
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl, EntryPoint = "git_libgit2_opts")]
         internal static extern int git_libgit2_opts_osxarm64(int option, IntPtr nop2, IntPtr nop3, IntPtr nop4, IntPtr nop5, IntPtr nop6, IntPtr nop7, IntPtr nop8, out GitStrArray extensions);
+
+        // git_libgit2_opts(GIT_OPT_GET_OWNER_VALIDATION, int *enabled)
+        [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl, EntryPoint = "git_libgit2_opts")]
+        internal static extern unsafe int git_libgit2_opts_osxarm64(int option, IntPtr nop2, IntPtr nop3, IntPtr nop4, IntPtr nop5, IntPtr nop6, IntPtr nop7, IntPtr nop8, int* enabled);
         #endregion
 
         [DllImport(libgit2, CallingConvention = CallingConvention.Cdecl)]

diff --git a/LibGit2Sharp/Core/Proxy.cs b/LibGit2Sharp/Core/Proxy.cs
@@ -3397,6 +3397,8 @@ private enum LibGit2Option
             SetOdbLoosePriority,             // GIT_OPT_SET_ODB_LOOSE_PRIORITY,
             GetExtensions,                   // GIT_OPT_GET_EXTENSIONS,
             SetExtensions,                   // GIT_OPT_SET_EXTENSIONS
+            GetOwnerValidation,              // GIT_OPT_GET_OWNER_VALIDATION
+            SetOwnerValidation,              // GIT_OPT_SET_OWNER_VALIDATION
         }
 
         /// <summary>
@@ -3570,6 +3572,47 @@ public static string[] git_libgit2_opts_get_extensions()
             }
         }
 
+        /// <summary>
+        /// Gets the value of owner validation
+        /// </summary>
+        public static unsafe bool git_libgit2_opts_get_owner_validation()
+        {
+            int res;
+            int enabled;
+
+            if (isOSXArm64)
+            {
+                res = NativeMethods.git_libgit2_opts_osxarm64((int)LibGit2Option.GetOwnerValidation, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, &enabled);
+            }
+            else
+            {
+                res = NativeMethods.git_libgit2_opts((int)LibGit2Option.GetOwnerValidation, &enabled);
+            }
+
+            Ensure.ZeroResult(res);
+
+            return enabled != 0;
+        }
+
+        /// <summary>
+        /// Enable or disable owner validation
+        /// </summary>
+        /// <param name="enabled">true to enable owner validation, false otherwise</param>
+        public static void git_libgit2_opts_set_owner_validation(bool enabled)
+        {
+            int res;
+
+            if (isOSXArm64)
+            {
+                res = NativeMethods.git_libgit2_opts_osxarm64((int)LibGit2Option.SetOwnerValidation, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, enabled ? 1 : 0);
+            }
+            else
+            {
+                res = NativeMethods.git_libgit2_opts((int)LibGit2Option.SetOwnerValidation, enabled ? 1 : 0);
+            }
+
+            Ensure.ZeroResult(res);
+        }
         #endregion
 
         #region git_worktree_

diff --git a/LibGit2Sharp/GlobalSettings.cs b/LibGit2Sharp/GlobalSettings.cs
@@ -417,5 +417,26 @@ public static string GetUserAgent()
         {
             return Proxy.git_libgit2_opts_get_user_agent();
         }
+
+        /// <summary>
+        /// Gets the owner validation setting for repository directories.
+        /// </summary>
+        /// <returns></returns>
+        public static bool GetOwnerValidation()
+        {
+            return Proxy.git_libgit2_opts_get_owner_validation();
+        }
+
+        /// <summary>
+        ///  Sets whether repository directories should be owned by the current user. The default is to validate ownership.
+        /// </summary>
+        /// <remarks>
+        ///  Disabling owner validation can lead to security vulnerabilities (see CVE-2022-24765).
+        /// </remarks>
+        /// <param name="enabled">true to enable owner validation; otherwise, false.</param>
+        public static void SetOwnerValidation(bool enabled)
+        {
+            Proxy.git_libgit2_opts_set_owner_validation(enabled);
+        }
     }
 }