Revision 820d7650cc670d3e4195aad3a5343158c316e8fa authored by Junio C Hamano on 26 July 2017, 17:24:20 UTC, committed by Junio C Hamano on 28 July 2017, 22:51:14 UTC
When commands like "git fetch" talk with ssh://$rest_of_URL/, the
code splits $rest_of_URL into components like host, port, etc., and
then spawns the underlying "ssh" program by formulating argv[] array
that has:
- the path to ssh command taken from GIT_SSH_COMMAND, etc.
- dashed options like '-batch' (for Tortoise), '-p <port>' as
needed.
- ssh_host, which is supposed to be the hostname parsed out of
$rest_of_URL.
- then the command to be run on the other side, e.g. git
upload-pack.
If the ssh_host ends up getting '-<anything>', the argv[] that is
used to spawn the command becomes something like:
{ "ssh", "-p", "22", "-<anything>", "command", "to", "run", NULL }
which obviously is bogus, but depending on the actual value of
"<anything>", will make "ssh" parse and use it as an option.
Prevent this by forbidding ssh_host that begins with a "-".
Noticed-by: Joern Schneeweisz of Recurity Labs
Reported-by: Brian at GitLab
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
1 parent c8dd1e3
t5539-fetch-http-shallow.sh
#!/bin/sh
test_description='fetch/clone from a shallow clone over http'
. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-httpd.sh
start_httpd
commit() {
echo "$1" >tracked &&
git add tracked &&
git commit -m "$1"
}
test_expect_success 'setup shallow clone' '
commit 1 &&
commit 2 &&
commit 3 &&
commit 4 &&
commit 5 &&
commit 6 &&
commit 7 &&
git clone --no-local --depth=5 .git shallow &&
git config --global transfer.fsckObjects true
'
test_expect_success 'clone http repository' '
git clone --bare --no-local shallow "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
git clone $HTTPD_URL/smart/repo.git clone &&
(
cd clone &&
git fsck &&
git log --format=%s origin/master >actual &&
cat <<EOF >expect &&
7
6
5
4
3
EOF
test_cmp expect actual
)
'
# This test is tricky. We need large enough "have"s that fetch-pack
# will put pkt-flush in between. Then we need a "have" the server
# does not have, it'll send "ACK %s ready"
test_expect_success 'no shallow lines after receiving ACK ready' '
(
cd shallow &&
test_tick &&
for i in $(test_seq 15)
do
git checkout --orphan unrelated$i &&
test_commit unrelated$i &&
git push -q "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
refs/heads/unrelated$i:refs/heads/unrelated$i &&
git push -q ../clone/.git \
refs/heads/unrelated$i:refs/heads/unrelated$i ||
exit 1
done &&
git checkout master &&
test_commit new &&
git push "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" master
) &&
(
cd clone &&
git checkout --orphan newnew &&
test_commit new-too &&
GIT_TRACE_PACKET="$TRASH_DIRECTORY/trace" git fetch --depth=2 &&
grep "fetch-pack< ACK .* ready" ../trace &&
! grep "fetch-pack> done" ../trace
)
'
stop_httpd
test_done
Computing file changes ...
