From 5aedc8af94c0a8ffc58cbd09993192dea9b238db Mon Sep 17 00:00:00 2001
From: "Bryan C. Mills" <bcmills@google.com>
Date: Tue, 4 Dec 2018 14:37:39 -0500
Subject: [PATCH] [release-branch.go1.11-security] cmd/go/internal/get: reject
 Windows shortnames as path components

Change-Id: Ia32d8ec1fc0c4e242f50d8871c0ef3ce315f3c65
Reviewed-on: https://team-review.git.corp.google.com/c/370572
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
---
 src/cmd/go/internal/get/path.go          | 21 ++++++++++++++++++++-
 src/cmd/go/testdata/script/get_tilde.txt | 21 +++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 src/cmd/go/testdata/script/get_tilde.txt

diff --git a/src/cmd/go/internal/get/path.go b/src/cmd/go/internal/get/path.go
index 2920fc2085..c8072b25fd 100644
--- a/src/cmd/go/internal/get/path.go
+++ b/src/cmd/go/internal/get/path.go
@@ -11,7 +11,8 @@ import (
 	"unicode/utf8"
 )
 
-// The following functions are copied verbatim from cmd/go/internal/module/module.go.
+// The following functions are copied verbatim from cmd/go/internal/module/module.go,
+// with one change to additionally reject Windows short-names.
 //
 // TODO(bcmills): After the call site for this function is backported,
 // consolidate this back down to a single copy.
@@ -76,6 +77,7 @@ func checkElem(elem string, fileName bool) error {
 	if elem[len(elem)-1] == '.' {
 		return fmt.Errorf("trailing dot in path element")
 	}
+
 	charOK := pathOK
 	if fileName {
 		charOK = fileNameOK
@@ -97,6 +99,23 @@ func checkElem(elem string, fileName bool) error {
 			return fmt.Errorf("disallowed path element %q", elem)
 		}
 	}
+
+	// Reject path components that look like Windows short-names.
+	// Those usually end in a tilde followed by one or more ASCII digits.
+	if tilde := strings.LastIndexByte(short, '~'); tilde >= 0 && tilde < len(short)-1 {
+		suffix := short[tilde+1:]
+		suffixIsDigits := true
+		for _, r := range suffix {
+			if r < '0' || r > '9' {
+				suffixIsDigits = false
+				break
+			}
+		}
+		if suffixIsDigits {
+			return fmt.Errorf("trailing tilde and digits in path element")
+		}
+	}
+
 	return nil
 }
 
diff --git a/src/cmd/go/testdata/script/get_tilde.txt b/src/cmd/go/testdata/script/get_tilde.txt
new file mode 100644
index 0000000000..08289ca405
--- /dev/null
+++ b/src/cmd/go/testdata/script/get_tilde.txt
@@ -0,0 +1,21 @@
+# Paths containing windows short names should be rejected before attempting to fetch.
+! go get example.com/longna~1.dir/thing
+stderr 'trailing tilde and digits'
+! go get example.com/longna~1/thing
+stderr 'trailing tilde and digits'
+! go get example.com/~9999999/thing
+stderr 'trailing tilde and digits'
+
+# A path containing an element that is just a tilde, or a tilde followed by non-digits,
+# should attempt to resolve.
+! go get example.com/~glenda/notfound
+! stderr 'trailing tilde and digits'
+stderr 'unrecognized import path'
+
+! go get example.com/~glenda2/notfound
+! stderr 'trailing tilde and digits'
+stderr 'unrecognized import path'
+
+! go get example.com/~/notfound
+! stderr 'trailing tilde and digits'
+stderr 'unrecognized import path'
-- 
2.48.1