Show More
| @@ -92,10 +92,13 b' def parsepatchoutput(output_line):' | |||||
| 92 | def sshargs(sshcmd, host, user, port): |
|
92 | def sshargs(sshcmd, host, user, port): | |
| 93 | '''Build argument list for ssh''' |
|
93 | '''Build argument list for ssh''' | |
| 94 | args = user and ("%s@%s" % (user, host)) or host |
|
94 | args = user and ("%s@%s" % (user, host)) or host | |
| 95 |
if '-' in args[: |
|
95 | if '-' in args[:1]: | |
| 96 | raise error.Abort( |
|
96 | raise error.Abort( | |
| 97 | _('illegal ssh hostname or username starting with -: %s') % args) |
|
97 | _('illegal ssh hostname or username starting with -: %s') % args) | |
| 98 | return port and ("%s -p %s" % (args, port)) or args |
|
98 | args = shellquote(args) | |
|
|
99 | if port: | |||
|
|
100 | args = '-p %s %s' % (shellquote(port), args) | |||
|
|
101 | return args | |||
| 99 |
|
102 | |||
| 100 | def isexec(f): |
|
103 | def isexec(f): | |
| 101 | """check whether a file is executable""" |
|
104 | """check whether a file is executable""" | |
| @@ -150,10 +150,7 b' class sshpeer(wireproto.wirepeer):' | |||||
| 150 | sshcmd = self.ui.config("ui", "ssh", "ssh") |
|
150 | sshcmd = self.ui.config("ui", "ssh", "ssh") | |
| 151 | remotecmd = self.ui.config("ui", "remotecmd", "hg") |
|
151 | remotecmd = self.ui.config("ui", "remotecmd", "hg") | |
| 152 |
|
152 | |||
| 153 | args = util.sshargs(sshcmd, |
|
153 | args = util.sshargs(sshcmd, self.host, self.user, self.port) | |
| 154 | _serverquote(self.host), |
|
|||
| 155 | _serverquote(self.user), |
|
|||
| 156 | _serverquote(self.port)) |
|
|||
| 157 |
|
154 | |||
| 158 | if create: |
|
155 | if create: | |
| 159 | cmd = '%s %s %s' % (sshcmd, args, |
|
156 | cmd = '%s %s %s' % (sshcmd, args, | |
| @@ -204,7 +204,10 b' def sshargs(sshcmd, host, user, port):' | |||||
| 204 | raise error.Abort( |
|
204 | raise error.Abort( | |
| 205 | _('illegal ssh hostname or username starting with - or /: %s') % |
|
205 | _('illegal ssh hostname or username starting with - or /: %s') % | |
| 206 | args) |
|
206 | args) | |
| 207 | return port and ("%s %s %s" % (args, pflag, port)) or args |
|
207 | args = shellquote(args) | |
|
|
208 | if port: | |||
|
|
209 | args = '%s %s %s' % (pflag, shellquote(port), args) | |||
|
|
210 | return args | |||
| 208 |
|
211 | |||
| 209 | def setflags(f, l, x): |
|
212 | def setflags(f, l, x): | |
| 210 | pass |
|
213 | pass | |
| @@ -1095,6 +1095,11 b' pooled".' | |||||
| 1095 |
|
1095 | |||
| 1096 | SEC: check for unsafe ssh url |
|
1096 | SEC: check for unsafe ssh url | |
| 1097 |
|
1097 | |||
|
|
1098 | $ cat >> $HGRCPATH << EOF | |||
|
|
1099 | > [ui] | |||
|
|
1100 | > ssh = sh -c "read l; read l; read l" | |||
|
|
1101 | > EOF | |||
|
|
1102 | ||||
| 1098 | $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' |
|
1103 | $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' | |
| 1099 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
|
1104 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' | |
| 1100 | [255] |
|
1105 | [255] | |
| @@ -1111,6 +1116,42 b' SEC: check for unsafe ssh url' | |||||
| 1111 | $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' |
|
1116 | $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' | |
| 1112 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' |
|
1117 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' | |
| 1113 | [255] |
|
1118 | [255] | |
|
|
1119 | ||||
|
|
1120 | #if windows | |||
|
|
1121 | $ hg clone "ssh://%26touch%20owned%20/" --debug | |||
|
|
1122 | running sh -c "read l; read l; read l" "&touch owned " "hg -R . serve --stdio" | |||
|
|
1123 | sending hello command | |||
|
|
1124 | sending between command | |||
|
|
1125 | abort: no suitable response from remote hg! | |||
|
|
1126 | [255] | |||
|
|
1127 | $ hg clone "ssh://example.com:%26touch%20owned%20/" --debug | |||
|
|
1128 | running sh -c "read l; read l; read l" -p "&touch owned " example.com "hg -R . serve --stdio" | |||
|
|
1129 | sending hello command | |||
|
|
1130 | sending between command | |||
|
|
1131 | abort: no suitable response from remote hg! | |||
|
|
1132 | [255] | |||
|
|
1133 | #else | |||
|
|
1134 | $ hg clone "ssh://%3btouch%20owned%20/" --debug | |||
|
|
1135 | running sh -c "read l; read l; read l" ';touch owned ' 'hg -R . serve --stdio' | |||
|
|
1136 | sending hello command | |||
|
|
1137 | sending between command | |||
|
|
1138 | abort: no suitable response from remote hg! | |||
|
|
1139 | [255] | |||
|
|
1140 | $ hg clone "ssh://example.com:%3btouch%20owned%20/" --debug | |||
|
|
1141 | running sh -c "read l; read l; read l" -p ';touch owned ' example.com 'hg -R . serve --stdio' | |||
|
|
1142 | sending hello command | |||
|
|
1143 | sending between command | |||
|
|
1144 | abort: no suitable response from remote hg! | |||
|
|
1145 | [255] | |||
|
|
1146 | #endif | |||
|
|
1147 | ||||
|
|
1148 | $ hg clone "ssh://v-alid.example.com/" --debug | |||
|
|
1149 | running sh -c "read l; read l; read l" v-alid\.example\.com ['"]hg -R \. serve --stdio['"] (re) | |||
|
|
1150 | sending hello command | |||
|
|
1151 | sending between command | |||
|
|
1152 | abort: no suitable response from remote hg! | |||
|
|
1153 | [255] | |||
|
|
1154 | ||||
| 1114 | We should not have created a file named owned - if it exists, the |
|
1155 | We should not have created a file named owned - if it exists, the | |
| 1115 | attack succeeded. |
|
1156 | attack succeeded. | |
| 1116 | $ if test -f owned; then echo 'you got owned'; fi |
|
1157 | $ if test -f owned; then echo 'you got owned'; fi | |
| @@ -461,7 +461,7 b' debug output' | |||||
| 461 |
|
461 | |||
| 462 | $ hg pull --debug ssh://user@dummy/remote |
|
462 | $ hg pull --debug ssh://user@dummy/remote | |
| 463 | pulling from ssh://user@dummy/remote |
|
463 | pulling from ssh://user@dummy/remote | |
| 464 |
running python ".*/dummyssh" user@dummy (' |
|
464 | running python ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re) | |
| 465 | sending hello command |
|
465 | sending hello command | |
| 466 | sending between command |
|
466 | sending between command | |
| 467 | remote: 355 |
|
467 | remote: 355 | |
| @@ -477,7 +477,7 b' debug output' | |||||
| 477 |
|
477 | |||
| 478 | $ hg pull --debug ssh://user@dummy/remote |
|
478 | $ hg pull --debug ssh://user@dummy/remote | |
| 479 | pulling from ssh://user@dummy/remote |
|
479 | pulling from ssh://user@dummy/remote | |
| 480 |
running python ".*/dummyssh" |
|
480 | running python ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re) | |
| 481 | sending hello command |
|
481 | sending hello command | |
| 482 | sending between command |
|
482 | sending between command | |
| 483 | remote: 355 |
|
483 | remote: 355 | |
General Comments 0
You need to be logged in to leave comments.
Login now