ssh: reject suspicious path

Like in the previous commit and in git, we reject a path that looks like an option to avoid injection into the command we ask the remote to execute.

ssh: reject suspicious path
Like in the previous commit and in git, we reject a path that looks like an option to avoid injection into the command we ask the remote to execute.
517bd0d3 · Carlos Martín Nieto · cf7477a8 · 517bd0d3
Commit 517bd0d3 authored Sep 20, 2023 by Carlos Martín Nieto
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

src/libgit2/transports/ssh_libssh2.c
+9 -0

No files found.
--- a/src/libgit2/transports/ssh_libssh2.c
+++ b/src/libgit2/transports/ssh_libssh2.c
@@ -788,6 +788,15 @@ static int _git_ssh_setup_conn(
 	if (error < 0)
 		goto done;

+	/* Safety check: like git, we forbid paths that look like an option as
+	 * that could lead to injection on the remote side */
+	if (git_net_looks_like_command_line_option(s->url.path)) {
+		git_error_set(GIT_ERROR_NET, "strange path '%s' blocked", s->url.path);
+		error = -1;
+		goto done;
+	}
+
+
 	if ((error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
 	    (error = git_stream_connect(s->io)) < 0)
 		goto done;