upstream/mercurial-mirror Commit - r29256:1f8b861b

1135

test for Git CVE-2016-3068

1135

test for Git CVE-2016-3068

1136

$ hg init malicious-subrepository

1136

$ hg init malicious-subrepository

1137

$ cd malicious-subrepository

1137

$ cd malicious-subrepository

1138

$ echo "s = [git]ext::sh -c echo% pwned% >&2" > .hgsub

1138

$ echo "s = [git]ext::sh -c echo% pwned% >pwned.txt" > .hgsub

1139

$ git init s

1139

$ git init s

1140

Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/

1140

Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/

1141

$ cd s

1141

$ cd s

1145

$ hg add .hgsub

1145

$ hg add .hgsub

1146

$ hg commit -m "add subrepo"

1146

$ hg commit -m "add subrepo"

1147

$ cd ..

1147

$ cd ..

1148

$ rm -f pwned.txt

1148

$ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected

1149

$ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected

1149

Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'... (glob)

1150

Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'... (glob)

1150

fatal: transport 'ext' not allowed

1151

fatal: transport 'ext' not allowed

1151

updating to branch default

1152

updating to branch default

1152

cloning subrepo s from ext::sh -c echo% pwned% >&2

1153

cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt

1153

abort: git clone error 128 in s (in subrepo s)

1154

abort: git clone error 128 in s (in subrepo s)

1154

[255]

1155

[255]

1156

$ test -f pwned.txt && cat pwned.txt || true

1155

1157

1156

whitelisting of ext should be respected (that's the git submodule behaviour)

1158

whitelisting of ext should be respected (that's the git submodule behaviour)

1159

$ rm -f pwned.txt

1157

$ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed

1160

$ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed

1158

Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'... (glob)

1161

Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'... (glob)

1159

pwned

1160

fatal: Could not read from remote repository.

1162

fatal: Could not read from remote repository.

1161

1163

1162

Please make sure you have the correct access rights

1164

Please make sure you have the correct access rights

1163

and the repository exists.

1165

and the repository exists.

1164

updating to branch default

1166

updating to branch default

1165

cloning subrepo s from ext::sh -c echo% pwned% >&2

1167

cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt

1166

abort: git clone error 128 in s (in subrepo s)

1168

abort: git clone error 128 in s (in subrepo s)

1167

[255]

1169

[255]

1170

$ cat pwned.txt

1171

pwned

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             test for Git CVE-2016-3068
               $ hg init malicious-subrepository
               $ cd malicious-subrepository
-              $ echo "s = [git]ext::sh -c echo% pwned% >&2" > .hgsub
+              $ echo "s = [git]ext::sh -c echo% pwned% >pwned.txt" > .hgsub
               $ git init s
               Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/
               $ cd s
               $ hg add .hgsub
               $ hg commit -m "add subrepo"
               $ cd ..
+              $ rm -f pwned.txt
               $ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected
               Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'... (glob)
               fatal: transport 'ext' not allowed
               updating to branch default
-              cloning subrepo s from ext::sh -c echo% pwned% >&2
+              cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt
               abort: git clone error 128 in s (in subrepo s)
               [255]
+              $ test -f pwned.txt && cat pwned.txt || true
             whitelisting of ext should be respected (that's the git submodule behaviour)
+              $ rm -f pwned.txt
               $ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed
               Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'... (glob)
-              pwned
               fatal: Could not read from remote repository.
               Please make sure you have the correct access rights
               and the repository exists.
               updating to branch default
-              cloning subrepo s from ext::sh -c echo% pwned% >&2
+              cloning subrepo s from ext::sh -c echo% pwned% >pwned.txt
               abort: git clone error 128 in s (in subrepo s)
               [255]
+              $ cat pwned.txt
+              pwned