Show More
| @@ -1789,3 +1789,70 b" Test that '[paths]' is configured correc" | |||||
| 1789 | +bar |
|
1789 | +bar | |
| 1790 |
|
1790 | |||
| 1791 | $ cd .. |
|
1791 | $ cd .. | |
|
|
1792 | ||||
|
|
1793 | test for ssh exploit 2017-07-25 | |||
|
|
1794 | ||||
|
|
1795 | $ hg init malicious-proxycommand | |||
|
|
1796 | $ cd malicious-proxycommand | |||
|
|
1797 | $ echo 's = [hg]ssh://-oProxyCommand=touch${IFS}owned/path' > .hgsub | |||
|
|
1798 | $ hg init s | |||
|
|
1799 | $ cd s | |||
|
|
1800 | $ echo init > init | |||
|
|
1801 | $ hg add | |||
|
|
1802 | adding init | |||
|
|
1803 | $ hg commit -m init | |||
|
|
1804 | $ cd .. | |||
|
|
1805 | $ hg add .hgsub | |||
|
|
1806 | $ hg ci -m 'add subrepo' | |||
|
|
1807 | $ cd .. | |||
|
|
1808 | $ hg clone malicious-proxycommand malicious-proxycommand-clone | |||
|
|
1809 | updating to branch default | |||
|
|
1810 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' (in subrepository "s") | |||
|
|
1811 | [255] | |||
|
|
1812 | ||||
|
|
1813 | also check that a percent encoded '-' (%2D) doesn't work | |||
|
|
1814 | ||||
|
|
1815 | $ cd malicious-proxycommand | |||
|
|
1816 | $ echo 's = [hg]ssh://%2DoProxyCommand=touch${IFS}owned/path' > .hgsub | |||
|
|
1817 | $ hg ci -m 'change url to percent encoded' | |||
|
|
1818 | $ cd .. | |||
|
|
1819 | $ rm -r malicious-proxycommand-clone | |||
|
|
1820 | $ hg clone malicious-proxycommand malicious-proxycommand-clone | |||
|
|
1821 | updating to branch default | |||
|
|
1822 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' (in subrepository "s") | |||
|
|
1823 | [255] | |||
|
|
1824 | ||||
|
|
1825 | also check for a pipe | |||
|
|
1826 | ||||
|
|
1827 | $ cd malicious-proxycommand | |||
|
|
1828 | $ echo 's = [hg]ssh://fakehost|shell/path' > .hgsub | |||
|
|
1829 | $ hg ci -m 'change url to pipe' | |||
|
|
1830 | $ cd .. | |||
|
|
1831 | $ rm -r malicious-proxycommand-clone | |||
|
|
1832 | $ hg clone malicious-proxycommand malicious-proxycommand-clone | |||
|
|
1833 | updating to branch default | |||
|
|
1834 | abort: potentially unsafe url: 'ssh://fakehost|shell/path' (in subrepository "s") | |||
|
|
1835 | [255] | |||
|
|
1836 | ||||
|
|
1837 | also check that a percent encoded '|' (%7C) doesn't work | |||
|
|
1838 | ||||
|
|
1839 | $ cd malicious-proxycommand | |||
|
|
1840 | $ echo 's = [hg]ssh://fakehost%7Cshell/path' > .hgsub | |||
|
|
1841 | $ hg ci -m 'change url to percent encoded pipe' | |||
|
|
1842 | $ cd .. | |||
|
|
1843 | $ rm -r malicious-proxycommand-clone | |||
|
|
1844 | $ hg clone malicious-proxycommand malicious-proxycommand-clone | |||
|
|
1845 | updating to branch default | |||
|
|
1846 | abort: potentially unsafe url: 'ssh://fakehost|shell/path' (in subrepository "s") | |||
|
|
1847 | [255] | |||
|
|
1848 | ||||
|
|
1849 | and bad usernames: | |||
|
|
1850 | $ cd malicious-proxycommand | |||
|
|
1851 | $ echo 's = [hg]ssh://-oProxyCommand=touch owned@example.com/path' > .hgsub | |||
|
|
1852 | $ hg ci -m 'owned username' | |||
|
|
1853 | $ cd .. | |||
|
|
1854 | $ rm -r malicious-proxycommand-clone | |||
|
|
1855 | $ hg clone malicious-proxycommand malicious-proxycommand-clone | |||
|
|
1856 | updating to branch default | |||
|
|
1857 | abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned@example.com/path' (in subrepository "s") | |||
|
|
1858 | [255] | |||
General Comments 0
You need to be logged in to leave comments.
Login now