# HG changeset patch
# User Mateusz Kwapich <mitrandir@fb.com>
# Date 2016-03-23 00:05:11
# Node ID 80cac1de6aea89f9d068abb09b0ea58c70bd7130
# Parent  b732e7f2aba4c4c417278c7c7488006301551855

convert: rewrite gitpipe to use common.commandline (SEC)

CVE-2016-3069 (4/5)

diff --git a/hgext/convert/common.py b/hgext/convert/common.py
--- a/hgext/convert/common.py
+++ b/hgext/convert/common.py
@@ -341,6 +341,9 @@ class commandline(object):
     def _run2(self, cmd, *args, **kwargs):
         return self._dorun(util.popen2, cmd, *args, **kwargs)
 
+    def _run3(self, cmd, *args, **kwargs):
+        return self._dorun(util.popen3, cmd, *args, **kwargs)
+
     def _dorun(self, openfunc, cmd,  *args, **kwargs):
         cmdline = self._cmdline(cmd, *args, **kwargs)
         self.ui.debug('running: %s\n' % (cmdline,))
diff --git a/hgext/convert/git.py b/hgext/convert/git.py
--- a/hgext/convert/git.py
+++ b/hgext/convert/git.py
@@ -29,21 +29,6 @@ class convert_git(converter_source, comm
     # Windows does not support GIT_DIR= construct while other systems
     # cannot remove environment variable. Just assume none have
     # both issues.
-    if util.safehasattr(os, 'unsetenv'):
-        def gitpipe(self, s):
-            prevgitdir = os.environ.get('GIT_DIR')
-            os.environ['GIT_DIR'] = self.path
-            try:
-                return util.popen3(s)
-            finally:
-                if prevgitdir is None:
-                    del os.environ['GIT_DIR']
-                else:
-                    os.environ['GIT_DIR'] = prevgitdir
-
-    else:
-        def gitpipe(self, s):
-            return util.popen3('GIT_DIR=%s %s' % (self.path, s))
 
     def _gitcmd(self, cmd, *args, **kwargs):
         return cmd('--git-dir=%s' % self.path, *args, **kwargs)
@@ -60,6 +45,9 @@ class convert_git(converter_source, comm
     def gitrunlines(self, *args, **kwargs):
         return self._gitcmd(self.runlines, *args, **kwargs)
 
+    def gitpipe(self, *args, **kwargs):
+        return self._gitcmd(self._run3, *args, **kwargs)
+
     def gitread(self, s):
         fh = self.gitopen(s)
         data = fh.read()
@@ -92,7 +80,7 @@ class convert_git(converter_source, comm
         self.path = path
         self.submodules = []
 
-        self.catfilepipe = self.gitpipe('git cat-file --batch')
+        self.catfilepipe = self.gitpipe('cat-file', '--batch')
 
     def after(self):
         for f in self.catfilepipe: