Commit cf7477a8 by Carlos Martín Nieto

ssh_exec: detect a potentially malicious ssh url string

If you pass along something like `-oProxyCommand=...` as the hostname, we would
pass that along to ssh unbeknownst to us and potentially also the user, if
they were asking a tool to recursively clone submodules.

This is the same fix as mainline git although they don't separate the username
and host for ssh so ours looks like it's checking more.
parent 863ff79f
......@@ -132,6 +132,26 @@ static int get_ssh_cmdline(
const char *default_ssh_cmd = "ssh";
int error;
/* Safety check: like git, we forbid paths that look like an option as
* that could lead to injection to ssh that can make us do unexpected
* things */
if (git_net_looks_like_command_line_option(url->username)) {
git_error_set(GIT_ERROR_NET, "strange username '%s' blocked", url->username);
return -1;
}
if (git_net_looks_like_command_line_option(url->host)) {
git_error_set(GIT_ERROR_NET, "strange host '%s' blocked", url->host);
return -1;
}
/* Safety check: like git, we forbid paths that look like an option as
* that could lead to injection on the remote side */
if (git_net_looks_like_command_line_option(url->path)) {
git_error_set(GIT_ERROR_NET, "strange path '%s' blocked", url->path);
return -1;
}
if ((error = git_repository_config_snapshot(&cfg, repo)) < 0)
return error;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment