scm/git: prevent exec bomb with 'env :userpaths'

Using `git` from `Formula#install` can cause an exec bomb if used in a formula with `env :userpaths` because that causes both `Library/ENV/4.3` and `Library/ENV/scm` to be in PATH, both of which contain a `git` binary that is the same SCM wrapper. Those will mutually exec each other indefinitely as they fail to detect that they are the same wrapper. Extend the exec-bomb protection to check the paths after all symbolic links have been expanded to prevent this situation. Fixes #43. Fixes Homebrew/homebrew-core#133. Fixed Homebrew/homebrew-core#143. Closes #46. Signed-off-by: Martin Afanasjew <martin@afanasjew.de>

scm/git: prevent exec bomb with 'env :userpaths'
d7aa0c03 · Martin Afanasjew · d5085edc · d7aa0c03
Commit d7aa0c03 authored 8 years ago by Martin Afanasjew
--- a/Library/ENV/scm/git
+++ b/Library/ENV/scm/git
@@ -13,13 +13,16 @@ exec "$HOMEBREW_RUBY_PATH" -x "$0" "$@"
 # This script because we support $GIT, $HOMEBREW_SVN, etc., Xcode-only and
 # no Xcode/CLT configurations. Order is careful to be what the user would want.

+require "pathname"
+
+SELF_REAL = Pathname.new(__FILE__).realpath
 F = File.basename(__FILE__).freeze
 D = File.expand_path(File.dirname(__FILE__)).freeze

 def exec(*args)
  # prevent fork-bombs
  arg0 = args.first
-  return if arg0 =~ /^#{F}/i || File.expand_path(arg0) == File.expand_path(__FILE__)
+  return if arg0 =~ /^#{F}/i || Pathname.new(arg0).realpath == SELF_REAL
  super
 end