upstream/mercurial-mirror Commit - r33732:8cb9e921

ssh: quote parameters using shellquote (SEC)...

Jun Wu -

r33732:8cb9e921 stable

parent child

mercurial/posix.py

0 +5 -2

             def sshargs(sshcmd, host, user, port):
                 '''Build argument list for ssh'''
                 args = user and ("%s@%s" % (user, host)) or host
-                if '-' in args[:2]:
+                if '-' in args[:1]:
                     raise error.Abort(
                         _('illegal ssh hostname or username starting with -: %s') % args)
-                return port and ("%s -p %s" % (args, port)) or args
+                args = shellquote(args)
+                if port:
+                    args = '-p %s %s' % (shellquote(port), args)
+                return args
             def isexec(f):
                 """check whether a file is executable"""

mercurial/sshpeer.py

0 +1 -4

                     sshcmd = self.ui.config("ui", "ssh")
                     remotecmd = self.ui.config("ui", "remotecmd")
-                    args = util.sshargs(sshcmd,
+                    args = util.sshargs(sshcmd, self.host, self.user, self.port)
-                                        _serverquote(self.host),
-                                        _serverquote(self.user),
-                                        _serverquote(self.port))
                     if create:
                         cmd = '%s %s %s' % (sshcmd, args,

mercurial/windows.py

0 +4 -1

                     raise error.Abort(
                         _('illegal ssh hostname or username starting with - or /: %s') %
                         args)
-                return port and ("%s %s %s" % (args, pflag, port)) or args
+                args = shellquote(args)
+                if port:
+                    args = '%s %s %s' % (pflag, shellquote(port), args)
+                return args
             def setflags(f, l, x):
                 pass

tests/test-clone.t

0 +41 0

@@ -1100,6 +1100,11 b' pooled".'
1100		1100
1101	SEC: check for unsafe ssh url	1101	SEC: check for unsafe ssh url
1102		1102
		1103	$ cat >> $HGRCPATH << EOF
		1104	> [ui]
		1105	> ssh = sh -c "read l; read l; read l"
		1106	> EOF
		1107
1103	$ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path'	1108	$ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path'
1104	abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'	1109	abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
1105	[255]	1110	[255]
@@ -1116,6 +1121,42 b' SEC: check for unsafe ssh url'
1116	$ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path'	1121	$ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path'
1117	abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path'	1122	abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path'
1118	[255]	1123	[255]
		1124
		1125	#if windows
		1126	$ hg clone "ssh://%26touch%20owned%20/" --debug
		1127	running sh -c "read l; read l; read l" "&touch owned " "hg -R . serve --stdio"
		1128	sending hello command
		1129	sending between command
		1130	abort: no suitable response from remote hg!
		1131	[255]
		1132	$ hg clone "ssh://example.com:%26touch%20owned%20/" --debug
		1133	running sh -c "read l; read l; read l" -p "&touch owned " example.com "hg -R . serve --stdio"
		1134	sending hello command
		1135	sending between command
		1136	abort: no suitable response from remote hg!
		1137	[255]
		1138	#else
		1139	$ hg clone "ssh://%3btouch%20owned%20/" --debug
		1140	running sh -c "read l; read l; read l" ';touch owned ' 'hg -R . serve --stdio'
		1141	sending hello command
		1142	sending between command
		1143	abort: no suitable response from remote hg!
		1144	[255]
		1145	$ hg clone "ssh://example.com:%3btouch%20owned%20/" --debug
		1146	running sh -c "read l; read l; read l" -p ';touch owned ' example.com 'hg -R . serve --stdio'
		1147	sending hello command
		1148	sending between command
		1149	abort: no suitable response from remote hg!
		1150	[255]
		1151	#endif
		1152
		1153	$ hg clone "ssh://v-alid.example.com/" --debug
		1154	running sh -c "read l; read l; read l" v-alid\.example\.com ['"]hg -R \. serve --stdio['"] (re)
		1155	sending hello command
		1156	sending between command
		1157	abort: no suitable response from remote hg!
		1158	[255]
		1159
1119	We should not have created a file named owned - if it exists, the	1160	We should not have created a file named owned - if it exists, the
1120	attack succeeded.	1161	attack succeeded.
1121	$ if test -f owned; then echo 'you got owned'; fi	1162	$ if test -f owned; then echo 'you got owned'; fi

tests/test-ssh-bundle1.t

0 +1 -1

               $ hg pull --debug ssh://user@dummy/remote
               pulling from ssh://user@dummy/remote
-              running .* ".*/dummyssh" user@dummy ('|")hg -R remote serve --stdio('|") (re)
+              running .* ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re)
               sending hello command
               sending between command
               remote: 355

tests/test-ssh.t

0 +1 -1

               $ hg pull --debug ssh://user@dummy/remote
               pulling from ssh://user@dummy/remote
-              running .* ".*/dummyssh" user@dummy ('|")hg -R remote serve --stdio('|") (re)
+              running .* ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re)
               sending hello command
               sending between command
               remote: 355

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages