upstream/mercurial-mirror Commit - r33732:8cb9e921

ssh: quote parameters using shellquote (SEC)...

Jun Wu -

r33732:8cb9e921 stable

parent child

mercurial/posix.py

0 +5 -2

              def sshargs(sshcmd, host, user, port):
                  '''Build argument list for ssh'''
                  args = user and ("%s@%s" % (user, host)) or host
-                 if '-' in args[:2]:
+                 if '-' in args[:1]:
                      raise error.Abort(
                          _('illegal ssh hostname or username starting with -: %s') % args)
-                 return port and ("%s -p %s" % (args, port)) or args
+                 args = shellquote(args)
+                 if port:
+                     args = '-p %s %s' % (shellquote(port), args)
+                 return args
              def isexec(f):
                  """check whether a file is executable"""

mercurial/sshpeer.py

0 +1 -4

                      sshcmd = self.ui.config("ui", "ssh")
                      remotecmd = self.ui.config("ui", "remotecmd")
-                     args = util.sshargs(sshcmd,
-                                         _serverquote(self.host),
-                                         _serverquote(self.user),
-                                         _serverquote(self.port))
+                     args = util.sshargs(sshcmd, self.host, self.user, self.port)
                      if create:
                          cmd = '%s %s %s' % (sshcmd, args,

mercurial/windows.py

0 +4 -1

                      raise error.Abort(
                          _('illegal ssh hostname or username starting with - or /: %s') %
                          args)
-                 return port and ("%s %s %s" % (args, pflag, port)) or args
+                 args = shellquote(args)
+                 if port:
+                     args = '%s %s %s' % (pflag, shellquote(port), args)
+                 return args
              def setflags(f, l, x):
                  pass

tests/test-clone.t

0 +41 0

              SEC: check for unsafe ssh url
+               $ cat >> $HGRCPATH << EOF
+               > [ui]
+               > ssh = sh -c "read l; read l; read l"
+               > EOF
                $ hg clone 'ssh://-oProxyCommand=touch${IFS}owned/path'
                abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path'
                [255]
                $ hg clone 'ssh://-oProxyCommand=touch owned%20foo@example.com/nonexistent/path'
                abort: potentially unsafe url: 'ssh://-oProxyCommand=touch owned foo@example.com/nonexistent/path'
                [255]
+             #if windows
+               $ hg clone "ssh://%26touch%20owned%20/" --debug
+               running sh -c "read l; read l; read l" "&touch owned " "hg -R . serve --stdio"
+               sending hello command
+               sending between command
+               abort: no suitable response from remote hg!
+               [255]
+               $ hg clone "ssh://example.com:%26touch%20owned%20/" --debug
+               running sh -c "read l; read l; read l" -p "&touch owned " example.com "hg -R . serve --stdio"
+               sending hello command
+               sending between command
+               abort: no suitable response from remote hg!
+               [255]
+             #else
+               $ hg clone "ssh://%3btouch%20owned%20/" --debug
+               running sh -c "read l; read l; read l" ';touch owned ' 'hg -R . serve --stdio'
+               sending hello command
+               sending between command
+               abort: no suitable response from remote hg!
+               [255]
+               $ hg clone "ssh://example.com:%3btouch%20owned%20/" --debug
+               running sh -c "read l; read l; read l" -p ';touch owned ' example.com 'hg -R . serve --stdio'
+               sending hello command
+               sending between command
+               abort: no suitable response from remote hg!
+               [255]
+             #endif
+               $ hg clone "ssh://v-alid.example.com/" --debug
+               running sh -c "read l; read l; read l" v-alid\.example\.com ['"]hg -R \. serve --stdio['"] (re)
+               sending hello command
+               sending between command
+               abort: no suitable response from remote hg!
+               [255]
              We should not have created a file named owned - if it exists, the
              attack succeeded.
                $ if test -f owned; then echo 'you got owned'; fi

tests/test-ssh-bundle1.t

0 +1 -1

                $ hg pull --debug ssh://user@dummy/remote
                pulling from ssh://user@dummy/remote
-               running .* ".*/dummyssh" user@dummy ('|")hg -R remote serve --stdio('|") (re)
+               running .* ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re)
                sending hello command
                sending between command
                remote: 355

tests/test-ssh.t

0 +1 -1

                $ hg pull --debug ssh://user@dummy/remote
                pulling from ssh://user@dummy/remote
-               running .* ".*/dummyssh" user@dummy ('|")hg -R remote serve --stdio('|") (re)
+               running .* ".*/dummyssh" ['"]user@dummy['"] ('|")hg -R remote serve --stdio('|") (re)
                sending hello command
                sending between command
                remote: 355

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages