Show More
@@ -92,10 +92,13 b' def parsepatchoutput(output_line):' | |||
|
92 | 92 | def sshargs(sshcmd, host, user, port): |
|
93 | 93 | '''Build argument list for ssh''' |
|
94 | 94 | args = user and ("%s@%s" % (user, host)) or host |
|
95 |
if '-' in args[: |
|
|
95 | if '-' in args[:1]: | |
|
96 | 96 | raise error.Abort( |
|
97 | 97 | _('illegal ssh hostname or username starting with -: %s') % args) |
|
98 | return port and ("%s -p %s" % (args, port)) or args | |
|
98 | args = shellquote(args) | |
|
99 | if port: | |
|
100 | args = '-p %s %s' % (shellquote(port), args) | |
|
101 | return args | |
|
99 | 102 | |
|
100 | 103 | def isexec(f): |
|
101 | 104 | """check whether a file is executable""" |
@@ -150,10 +150,7 b' class sshpeer(wireproto.wirepeer):' | |||
|
150 | 150 | sshcmd = self.ui.config("ui", "ssh", "ssh") |
|
151 | 151 | remotecmd = self.ui.config("ui", "remotecmd", "hg") |
|
152 | 152 | |
|
153 | args = util.sshargs(sshcmd, | |
|
154 | _serverquote(self.host), | |
|
155 | _serverquote(self.user), | |
|
156 | _serverquote(self.port)) | |
|
153 | args = util.sshargs(sshcmd, self.host, self.user, self.port) | |
|
157 | 154 | |
|
158 | 155 | if create: |
|
159 | 156 | cmd = '%s %s %s' % (sshcmd, args, |
@@ -204,7 +204,10 b' def sshargs(sshcmd, host, user, port):' | |||
|
204 | 204 | raise error.Abort( |
|
205 | 205 | _('illegal ssh hostname or username starting with - or /: %s') % |
|
206 | 206 | args) |
|
207 | return port and ("%s %s %s" % (args, pflag, port)) or args | |
|
207 | args = shellquote(args) | |
|
208 | if port: | |
|
209 | args = '%s %s %s' % (pflag, shellquote(port), args) | |
|
210 | return args | |
|
208 | 211 | |
|
209 | 212 | def setflags(f, l, x): |
|
210 | 213 | pass |
@@ -1095,6 +1095,11 b' pooled".' | |||
|
1095 | 1095 | |
|
1096 | 1096 | SEC: check for unsafe ssh url |
|
1097 | 1097 | |
|
1098 | $ cat >> $HGRCPATH << EOF | |
|
1099 | > [ui] | |
|
1100 | > ssh = sh -c "read l; read l; read l" | |
|
1101 | > EOF | |
|
1102 | ||
|
1098 | 1103 | $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path' |
|
1099 | 1104 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' |
|
1100 | 1105 | [255] |
@@ -1111,6 +1116,42 b' SEC: check for unsafe ssh url' | |||
|
1111 | 1116 | $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path' |
|
1112 | 1117 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path' |
|
1113 | 1118 | [255] |
|
1119 | ||
|
1120 | #if windows | |
|
1121 | $ hg clone "ssh://%26touch%20owned%20/" --debug | |
|
1122 | running sh -c "read l; read l; read l" "&touch owned " "hg -R . serve --stdio" | |
|
1123 | sending hello command | |
|
1124 | sending between command | |
|
1125 | abort: no suitable response from remote hg! | |
|
1126 | [255] | |
|
1127 | $ hg clone "ssh://example.com:%26touch%20owned%20/" --debug | |
|
1128 | running sh -c "read l; read l; read l" -p "&touch owned " example.com "hg -R . serve --stdio" | |
|
1129 | sending hello command | |
|
1130 | sending between command | |
|
1131 | abort: no suitable response from remote hg! | |
|
1132 | [255] | |
|
1133 | #else | |
|
1134 | $ hg clone "ssh://%3btouch%20owned%20/" --debug | |
|
1135 | running sh -c "read l; read l; read l" ';touch owned ' 'hg -R . serve --stdio' | |
|
1136 | sending hello command | |
|
1137 | sending between command | |
|
1138 | abort: no suitable response from remote hg! | |
|
1139 | [255] | |
|
1140 | $ hg clone "ssh://example.com:%3btouch%20owned%20/" --debug | |
|
1141 | running sh -c "read l; read l; read l" -p ';touch owned ' example.com 'hg -R . serve --stdio' | |
|
1142 | sending hello command | |
|
1143 | sending between command | |
|
1144 | abort: no suitable response from remote hg! | |
|
1145 | [255] | |
|
1146 | #endif | |
|
1147 | ||
|
1148 | $ hg clone "ssh://v-alid.example.com/" --debug | |
|
1149 | running sh -c "read l; read l; read l" v-alid\.example\.com ['"]hg -R \. serve --stdio['"] (re) | |
|
1150 | sending hello command | |
|
1151 | sending between command | |
|
1152 | abort: no suitable response from remote hg! | |
|
1153 | [255] | |
|
1154 | ||
|
1114 | 1155 | We should not have created a file named owned - if it exists, the |
|
1115 | 1156 | attack succeeded. |
|
1116 | 1157 | $ if test -f owned; then echo 'you got owned'; fi |
@@ -461,7 +461,7 b' debug output' | |||
|
461 | 461 | |
|
462 | 462 | $ hg pull --debug ssh://user@dummy/remote |
|
463 | 463 | pulling from ssh://user@dummy/remote |
|
464 |
running python ".*/dummyssh" user@dummy (' |
|
|
464 | running python ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re) | |
|
465 | 465 | sending hello command |
|
466 | 466 | sending between command |
|
467 | 467 | remote: 355 |
@@ -477,7 +477,7 b' debug output' | |||
|
477 | 477 | |
|
478 | 478 | $ hg pull --debug ssh://user@dummy/remote |
|
479 | 479 | pulling from ssh://user@dummy/remote |
|
480 |
running python ".*/dummyssh" |
|
|
480 | running python ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re) | |
|
481 | 481 | sending hello command |
|
482 | 482 | sending between command |
|
483 | 483 | remote: 355 |
General Comments 0
You need to be logged in to leave comments.
Login now