upstream/mercurial-mirror Files · mercurial/sshserver.py

subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC)...

subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols (SEC) CVE-2016-3068 (1/1) Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. This feature allows implementing simple git smart transports with a single shell shell command. However, git submodules could clone arbitrary URLs specified in the .gitmodules file. This was reported as CVE-2015-7545 and fixed in git v2.6.1. However, if a user directly clones a malicious ext URL, the git client will still run arbitrary shell commands. Mercurial is similarly effected. Mercurial allows specifying git repositories as subrepositories. Git ext:: URLs can be specified as Mercurial subrepositories allowing arbitrary shell commands to be run on `hg clone ...`. The Mercurial community would like to thank Blake Burkhart for reporting this issue. The description of the issue is copied from Blake's report. This commit changes submodules to pass the GIT_ALLOW_PROTOCOL env variable to git commands with the same list of allowed protocols that git submodule is using. When the GIT_ALLOW_PROTOCOL env variable is already set, we just pass it to git without modifications.

Pierre-Yves David - - Load All Authors

File last commit:

r26587:56b2bcea default


                r28658:34d43cb8

stable

Download file

             sshserver.py
        
                    134 lines
            
             | 3.6 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / sshserver.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Vadim Gelfer
    
fix comment.

              r2399
            
      # sshserver.py - ssh protocol server support for mercurial

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
      #

        Thomas Arendsen Hein
    
Updated copyright notices and add "and others" to "hg version"

              r4635
            
      # Copyright 2005-2007 Matt Mackall <mpm@selenic.com>

        Vadim Gelfer
    
update copyrights.

              r2859
            
      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
      #

        Martin Geisler
    
updated license to be explicit about GPL version 2

              r8225
            
      # This software may be used and distributed according to the terms of the

        Matt Mackall
    
Update license to GPLv2+

              r10263
            
      # GNU General Public License version 2 or any later version.

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
        Gregory Szorc
    
sshserver: use absolute_import

              r25976
            
      from __future__ import absolute_import

      import os

      import sys

      from . import (

        Pierre-Yves David
    
error: get Abort from 'error' instead of 'util'...

              r26587
            
          error,

        Gregory Szorc
    
sshserver: use absolute_import

              r25976
            
          hook,

          util,

          wireproto,

      )

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
        Pierre-Yves David
    
wireproto: introduce an abstractserverproto class...

              r20903
            
      class sshserver(wireproto.abstractserverproto):

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
          def __init__(self, ui, repo):

              self.ui = ui

              self.repo = repo

              self.lock = None

        Idan Kamara
    
ui: use I/O descriptors internally...

              r14614
            
              self.fin = ui.fin

              self.fout = ui.fout

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
        Matt Mackall
    
hook: redirect stdout to stderr for ssh and http servers

              r5833
            
              hook.redirect(True)

        Idan Kamara
    
ui: use I/O descriptors internally...

              r14614
            
              ui.fout = repo.ui.fout = ui.ferr

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
              # Prevent insertion/deletion of CRs

        Adrian Buehlmann
    
rename util.set_binary to setbinary

              r14233
            
              util.setbinary(self.fin)

              util.setbinary(self.fout)

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
        Matt Mackall
    
protocol: add ssh getargs...

              r11579
            
          def getargs(self, args):

              data = {}

              keys = args.split()

              for n in xrange(len(keys)):

                  argline = self.fin.readline()[:-1]

                  arg, l = argline.split()

                  if arg not in keys:

        Pierre-Yves David
    
error: get Abort from 'error' instead of 'util'...

              r26587
            
                      raise error.Abort("unexpected parameter %r" % arg)

        Matt Mackall
    
protocol: add ssh getargs...

              r11579
            
                  if arg == '*':

                      star = {}

        Peter Arrenbrecht
    
wireproto: fix handling of '*' args for HTTP and SSH

              r13721
            
                      for k in xrange(int(l)):

                          argline = self.fin.readline()[:-1]

        Matt Mackall
    
protocol: add ssh getargs...

              r11579
            
                          arg, l = argline.split()

                          val = self.fin.read(int(l))

                          star[arg] = val

                      data['*'] = star

                  else:

        Peter Arrenbrecht
    
wireproto: fix handling of '*' args for HTTP and SSH

              r13721
            
                      val = self.fin.read(int(l))

        Matt Mackall
    
protocol: add ssh getargs...

              r11579
            
                      data[arg] = val

              return [data[k] for k in keys]

          def getarg(self, name):

              return self.getargs(name)[0]

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
        Dirkjan Ochtman
    
protocol: shuffle server methods to group send methods

              r11621
            
          def getfile(self, fpout):

        Dirkjan Ochtman
    
protocol: rename send methods to get grouping by prefix

              r11622
            
              self.sendresponse('')

        Dirkjan Ochtman
    
protocol: shuffle server methods to group send methods

              r11621
            
              count = int(self.fin.readline())

              while count:

                  fpout.write(self.fin.read(count))

                  count = int(self.fin.readline())

          def redirect(self):

              pass

        Dirkjan Ochtman
    
protocol: extract compression from streaming mechanics

              r11623
            
          def groupchunks(self, changegroup):

        Matt Mackall
    
protocol: unify changegroup commands...

              r11584
            
              while True:

                  d = changegroup.read(4096)

                  if not d:

                      break

        Dirkjan Ochtman
    
protocol: extract compression from streaming mechanics

              r11623
            
                  yield d

        Matt Mackall
    
protocol: unify changegroup commands...

              r11584
            
        Dirkjan Ochtman
    
protocol: extract compression from streaming mechanics

              r11623
            
          def sendresponse(self, v):

              self.fout.write("%d\n" % len(v))

              self.fout.write(v)

        Matt Mackall
    
protocol: unify changegroup commands...

              r11584
            
              self.fout.flush()

        Matt Mackall
    
protocol: unify stream_out command

              r11585
            
          def sendstream(self, source):

        Bryan O'Sullivan
    
sshserver: avoid a multi-dot attribute lookup in a hot loop...

              r17563
            
              write = self.fout.write

        Dirkjan Ochtman
    
protocol: wrap non-string protocol responses in classes

              r11625
            
              for chunk in source.gen:

        Bryan O'Sullivan
    
sshserver: avoid a multi-dot attribute lookup in a hot loop...

              r17563
            
                  write(chunk)

        Matt Mackall
    
protocol: unify stream_out command

              r11585
            
              self.fout.flush()

        Dirkjan Ochtman
    
protocol: wrap non-string protocol responses in classes

              r11625
            
          def sendpushresponse(self, rsp):

        Dirkjan Ochtman
    
protocol: rename send methods to get grouping by prefix

              r11622
            
              self.sendresponse('')

        Dirkjan Ochtman
    
protocol: wrap non-string protocol responses in classes

              r11625
            
              self.sendresponse(str(rsp.res))

        Matt Mackall
    
protocol: unify unbundle on the server side

              r11593
            
        Benoit Boissinot
    
wireproto: introduce pusherr() to deal with "unsynced changes" error...

              r12703
            
          def sendpusherror(self, rsp):

              self.sendresponse(rsp.res)

        Andrew Pritchard
    
wireproto: add out-of-band error class to allow remote repo to report errors...

              r15017
            
          def sendooberror(self, rsp):

              self.ui.ferr.write('%s\n-\n' % rsp.message)

              self.ui.ferr.flush()

              self.fout.write('\n')

              self.fout.flush()

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
          def serve_forever(self):

        Ronny Pfannschmidt
    
switch lock releasing in the core from gc to explicit

              r8109
            
              try:

        Matt Mackall
    
many, many trivial check-code fixups

              r10282
            
                  while self.serve_one():

                      pass

        Ronny Pfannschmidt
    
switch lock releasing in the core from gc to explicit

              r8109
            
              finally:

                  if self.lock is not None:

                      self.lock.release()

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
              sys.exit(0)

        Dirkjan Ochtman
    
protocol: wrap non-string protocol responses in classes

              r11625
            
          handlers = {

              str: sendresponse,

              wireproto.streamres: sendstream,

              wireproto.pushres: sendpushresponse,

        Benoit Boissinot
    
wireproto: introduce pusherr() to deal with "unsynced changes" error...

              r12703
            
              wireproto.pusherr: sendpusherror,

        Andrew Pritchard
    
wireproto: add out-of-band error class to allow remote repo to report errors...

              r15017
            
              wireproto.ooberror: sendooberror,

        Dirkjan Ochtman
    
protocol: wrap non-string protocol responses in classes

              r11625
            
          }

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
          def serve_one(self):

              cmd = self.fin.readline()[:-1]

        Dirkjan Ochtman
    
protocol: command must be checked before passing in

              r11618
            
              if cmd and cmd in wireproto.commands:

        Dirkjan Ochtman
    
protocol: wrap non-string protocol responses in classes

              r11625
            
                  rsp = wireproto.dispatch(self.repo, self, cmd)

                  self.handlers[rsp.__class__](self, rsp)

        Dirkjan Ochtman
    
protocol: command must be checked before passing in

              r11618
            
              elif cmd:

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
                  impl = getattr(self, 'do_' + cmd, None)

        Matt Mackall
    
many, many trivial check-code fixups

              r10282
            
                  if impl:

        Matt Mackall
    
protocol: move most ssh responses to returns

              r11580
            
                      r = impl()

                      if r is not None:

        Dirkjan Ochtman
    
protocol: rename send methods to get grouping by prefix

              r11622
            
                          self.sendresponse(r)

                  else: self.sendresponse("")

        Vadim Gelfer
    
refactor ssh server.

              r2396
            
              return cmd != ''

        Matt Mackall
    
protocol: unify unbundle on the server side

              r11593
            
          def _client(self):

        Vadim Gelfer
    
hooks: add url to changegroup, incoming, prechangegroup, pretxnchangegroup hooks...

              r2673
            
              client = os.environ.get('SSH_CLIENT', '').split(' ', 1)[0]

              return 'remote:ssh:' + client

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Vadim Gelfer fix comment.	r2399	# sshserver.py - ssh protocol server support for mercurial
Vadim Gelfer refactor ssh server.	r2396	#
Thomas Arendsen Hein Updated copyright notices and add "and others" to "hg version"	r4635	# Copyright 2005-2007 Matt Mackall <mpm@selenic.com>
Vadim Gelfer update copyrights.	r2859	# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
Vadim Gelfer refactor ssh server.	r2396	#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
Matt Mackall Update license to GPLv2+	r10263	# GNU General Public License version 2 or any later version.
Vadim Gelfer refactor ssh server.	r2396
Gregory Szorc sshserver: use absolute_import	r25976	from __future__ import absolute_import

		import os
		import sys

		from . import (
Pierre-Yves David error: get Abort from 'error' instead of 'util'...	r26587	error,
Gregory Szorc sshserver: use absolute_import	r25976	hook,
		util,
		wireproto,
		)
Vadim Gelfer refactor ssh server.	r2396
Pierre-Yves David wireproto: introduce an abstractserverproto class...	r20903	class sshserver(wireproto.abstractserverproto):
Vadim Gelfer refactor ssh server.	r2396	def __init__(self, ui, repo):
		self.ui = ui
		self.repo = repo
		self.lock = None
Idan Kamara ui: use I/O descriptors internally...	r14614	self.fin = ui.fin
		self.fout = ui.fout
Vadim Gelfer refactor ssh server.	r2396
Matt Mackall hook: redirect stdout to stderr for ssh and http servers	r5833	hook.redirect(True)
Idan Kamara ui: use I/O descriptors internally...	r14614	ui.fout = repo.ui.fout = ui.ferr
Vadim Gelfer refactor ssh server.	r2396
		# Prevent insertion/deletion of CRs
Adrian Buehlmann rename util.set_binary to setbinary	r14233	util.setbinary(self.fin)
		util.setbinary(self.fout)
Vadim Gelfer refactor ssh server.	r2396
Matt Mackall protocol: add ssh getargs...	r11579	def getargs(self, args):
		data = {}
		keys = args.split()
		for n in xrange(len(keys)):
		argline = self.fin.readline()[:-1]
		arg, l = argline.split()
		if arg not in keys:
Pierre-Yves David error: get Abort from 'error' instead of 'util'...	r26587	raise error.Abort("unexpected parameter %r" % arg)
Matt Mackall protocol: add ssh getargs...	r11579	if arg == '*':
		star = {}
Peter Arrenbrecht wireproto: fix handling of '*' args for HTTP and SSH	r13721	for k in xrange(int(l)):
		argline = self.fin.readline()[:-1]
Matt Mackall protocol: add ssh getargs...	r11579	arg, l = argline.split()
		val = self.fin.read(int(l))
		star[arg] = val
		data['*'] = star
		else:
Peter Arrenbrecht wireproto: fix handling of '*' args for HTTP and SSH	r13721	val = self.fin.read(int(l))
Matt Mackall protocol: add ssh getargs...	r11579	data[arg] = val
		return [data[k] for k in keys]

		def getarg(self, name):
		return self.getargs(name)[0]
Vadim Gelfer refactor ssh server.	r2396
Dirkjan Ochtman protocol: shuffle server methods to group send methods	r11621	def getfile(self, fpout):
Dirkjan Ochtman protocol: rename send methods to get grouping by prefix	r11622	self.sendresponse('')
Dirkjan Ochtman protocol: shuffle server methods to group send methods	r11621	count = int(self.fin.readline())
		while count:
		fpout.write(self.fin.read(count))
		count = int(self.fin.readline())

		def redirect(self):
		pass

Dirkjan Ochtman protocol: extract compression from streaming mechanics	r11623	def groupchunks(self, changegroup):
Matt Mackall protocol: unify changegroup commands...	r11584	while True:
		d = changegroup.read(4096)
		if not d:
		break
Dirkjan Ochtman protocol: extract compression from streaming mechanics	r11623	yield d
Matt Mackall protocol: unify changegroup commands...	r11584
Dirkjan Ochtman protocol: extract compression from streaming mechanics	r11623	def sendresponse(self, v):
		self.fout.write("%d\n" % len(v))
		self.fout.write(v)
Matt Mackall protocol: unify changegroup commands...	r11584	self.fout.flush()

Matt Mackall protocol: unify stream_out command	r11585	def sendstream(self, source):
Bryan O'Sullivan sshserver: avoid a multi-dot attribute lookup in a hot loop...	r17563	write = self.fout.write
Dirkjan Ochtman protocol: wrap non-string protocol responses in classes	r11625	for chunk in source.gen:
Bryan O'Sullivan sshserver: avoid a multi-dot attribute lookup in a hot loop...	r17563	write(chunk)
Matt Mackall protocol: unify stream_out command	r11585	self.fout.flush()

Dirkjan Ochtman protocol: wrap non-string protocol responses in classes	r11625	def sendpushresponse(self, rsp):
Dirkjan Ochtman protocol: rename send methods to get grouping by prefix	r11622	self.sendresponse('')
Dirkjan Ochtman protocol: wrap non-string protocol responses in classes	r11625	self.sendresponse(str(rsp.res))
Matt Mackall protocol: unify unbundle on the server side	r11593
Benoit Boissinot wireproto: introduce pusherr() to deal with "unsynced changes" error...	r12703	def sendpusherror(self, rsp):
		self.sendresponse(rsp.res)

Andrew Pritchard wireproto: add out-of-band error class to allow remote repo to report errors...	r15017	def sendooberror(self, rsp):
		self.ui.ferr.write('%s\n-\n' % rsp.message)
		self.ui.ferr.flush()
		self.fout.write('\n')
		self.fout.flush()

Vadim Gelfer refactor ssh server.	r2396	def serve_forever(self):
Ronny Pfannschmidt switch lock releasing in the core from gc to explicit	r8109	try:
Matt Mackall many, many trivial check-code fixups	r10282	while self.serve_one():
		pass
Ronny Pfannschmidt switch lock releasing in the core from gc to explicit	r8109	finally:
		if self.lock is not None:
		self.lock.release()
Vadim Gelfer refactor ssh server.	r2396	sys.exit(0)

Dirkjan Ochtman protocol: wrap non-string protocol responses in classes	r11625	handlers = {
		str: sendresponse,
		wireproto.streamres: sendstream,
		wireproto.pushres: sendpushresponse,
Benoit Boissinot wireproto: introduce pusherr() to deal with "unsynced changes" error...	r12703	wireproto.pusherr: sendpusherror,
Andrew Pritchard wireproto: add out-of-band error class to allow remote repo to report errors...	r15017	wireproto.ooberror: sendooberror,
Dirkjan Ochtman protocol: wrap non-string protocol responses in classes	r11625	}

Vadim Gelfer refactor ssh server.	r2396	def serve_one(self):
		cmd = self.fin.readline()[:-1]
Dirkjan Ochtman protocol: command must be checked before passing in	r11618	if cmd and cmd in wireproto.commands:
Dirkjan Ochtman protocol: wrap non-string protocol responses in classes	r11625	rsp = wireproto.dispatch(self.repo, self, cmd)
		self.handlers[rsp.__class__](self, rsp)
Dirkjan Ochtman protocol: command must be checked before passing in	r11618	elif cmd:
Vadim Gelfer refactor ssh server.	r2396	impl = getattr(self, 'do_' + cmd, None)
Matt Mackall many, many trivial check-code fixups	r10282	if impl:
Matt Mackall protocol: move most ssh responses to returns	r11580	r = impl()
		if r is not None:
Dirkjan Ochtman protocol: rename send methods to get grouping by prefix	r11622	self.sendresponse(r)
		else: self.sendresponse("")
Vadim Gelfer refactor ssh server.	r2396	return cmd != ''

Matt Mackall protocol: unify unbundle on the server side	r11593	def _client(self):
Vadim Gelfer hooks: add url to changegroup, incoming, prechangegroup, pretxnchangegroup hooks...	r2673	client = os.environ.get('SSH_CLIENT', '').split(' ', 1)[0]
		return 'remote:ssh:' + client