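--- a/PATH_NOT_ON_PAGE_1
+++ b/PATH_NOT_ON_PAGE_1
@@ -1383,6 +1383,11 @@ class gitsubrepo(abstractsubrepo):
 are not supported and very probably fail.
 """
 self.ui.debug('%s: git %s\n' % (self._relpath, ' '.join(commands)))
+if env is None:
+env = os.environ.copy()
+# fix for Git CVE-2015-7545
+if 'GIT_ALLOW_PROTOCOL' not in env:
+env['GIT_ALLOW_PROTOCOL'] = 'file:git:http:https:ssh'
 # unless ui.quiet is set, print git's stderr,
 # which is mostly progress and useful info
 errpipe = None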
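Review bot: The comment `# fix for Git CVE-2015-7545` at line 1388 names the advisory but not the contract the two lines below it establish, which is that the whitelist is only a fallback: an `env` passed by the caller that already contains `GIT_ALLOW_PROTOCOL` (including an empty value, which git treats as "nothing allowed") is left untouched, and the same holds for a value inherited from the process environment when `env` is None. Since the accompanying test relies on exactly that override (`GIT_ALLOW_PROTOCOL=ext` is honoured), I would state it next to the assignment, e.g. `# default transport whitelist for git; an explicit GIT_ALLOW_PROTOCOL in env (or in os.environ when env is None) wins, matching git submodule behaviour`. It is also worth a sentence in the enclosing method's docstring that every git invocation routed through this helper gets the default, so callers must not bypass it when spawning git themselves; whether other spawn paths exist is not visible here. The enclosing method begins before the hunk (its docstring is cut) and continues after it.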
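--- a/PATH_NOT_ON_PAGE_2
+++ b/PATH_NOT_ON_PAGE_2
@@ -1132,4 +1132,36 @@ make sure we show changed files, rather 
 ? s/foobar.orig
 ? s/snake.python.orig
 
+test for Git CVE-2016-3068
+$ hg init malicious-subrepository
+$ cd malicious-subrepository
+$ echo "s = [git]ext::sh -c echo% pwned% >&2" > .hgsub
+$ git init s
+Initialized empty Git repository in $TESTTMP/tc/malicious-subrepository/s/.git/
+$ cd s
+$ git commit --allow-empty -m 'empty'
+[master (root-commit) 153f934] empty
 $ cd ..
+$ hg add .hgsub
+$ hg commit -m "add subrepo"
+$ cd ..
+$ env -u GIT_ALLOW_PROTOCOL hg clone malicious-subrepository malicious-subrepository-protected
+Cloning into '$TESTTMP/tc/malicious-subrepository-protected/s'...
+fatal: transport 'ext' not allowed
+updating to branch default
+cloning subrepo s from ext::sh -c echo% pwned% >&2
+abort: git clone error 128 in s (in subrepo s)
+[255]
+
+whitelisting of ext should be respected (that's the git submodule behaviour)
+$ env GIT_ALLOW_PROTOCOL=ext hg clone malicious-subrepository malicious-subrepository-clone-allowed
+Cloning into '$TESTTMP/tc/malicious-subrepository-clone-allowed/s'...
+pwned
+fatal: Could not read from remote repository.
+
+Please make sure you have the correct access rights
+and the repository exists.
+updating to branch default
+cloning subrepo s from ext::sh -c echo% pwned% >&2
+abort: git clone error 128 in s (in subrepo s)
+[255]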
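Review bot: The "protected" case at lines 1148-1154 only proves the default whitelist works on a git that honours `GIT_ALLOW_PROTOCOL`; on an older git that ignores the variable the expected `fatal: transport 'ext' not allowed` line is not produced and the test fails for a reason unrelated to Mercurial, so the block presumably needs the harness's usual git-version guard before it (the top of the file is outside this hunk, so I cannot see which guard is already in force). Lines 1150, 1160, 1162-1163 and 1143 also pin git's own wording, the `master` branch name and the short hash `153f934`, all of which depend on the installed git's version and on author/date environment set elsewhere in the file; if those are not already fixed by the harness, a glob on the hash and branch name would make the test less brittle. A one-line comment above line 1148 saying why `env -u` is used, e.g. `# drop any inherited whitelist so the hard-coded default in the subrepo code is what is being exercised`, would make the intent of the two contrasting cases clearer.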