• shell: disallow repo names beginning with dash · 3ec80449
    Jeff King authored
    When a remote server uses git-shell, the client side will
    connect to it like:
    
      ssh server "git-upload-pack 'foo.git'"
    
    and we literally exec ("git-upload-pack", "foo.git"). In
    early versions of upload-pack and receive-pack, we took a
    repository argument and nothing else. But over time they
    learned to accept dashed options. If the user passes a
    repository name that starts with a dash, the results are
    confusing at best (we complain of a bogus option instead of
    a non-existent repository) and malicious at worst (the user
    can start an interactive pager via "--help").
    
    We could pass "--" to the sub-process to make sure the
    user's argument is interpreted as a branch name. I.e.:
    
      git-upload-pack -- -foo.git
    
    But adding "--" automatically would make us inconsistent
    with a normal shell (i.e., when git-shell is not in use),
    where "-foo.git" would still be an error. For that case, the
    client would have to specify the "--", but they can't do so
    reliably, as existing versions of git-shell do not allow
    more than a single argument.
    
    The simplest thing is to simply disallow "-" at the start of
    the repo name argument. This hasn't worked either with or
    without git-shell since version 1.0.0, and nobody has
    complained.
    
    Note that this patch just applies to do_generic_cmd(), which
    runs upload-pack, receive-pack, and upload-archive. There
    are two other types of commands that git-shell runs:
    
      - do_cvs_cmd(), but this already restricts the argument to
        be the literal string "server"
    
      - admin-provided commands in the git-shell-commands
        directory. We'll pass along arbitrary arguments there,
        so these commands could have similar problems. But these
        commands might actually understand dashed arguments, so
        we cannot just block them here. It's up to the writer of
        the commands to make sure they are safe. With great
        power comes great responsibility.
    Reported-by: Timo Schmid <tschmid@ernw.de>
    Signed-off-by: Jeff King <peff@peff.net>
    Signed-off-by: Junio C Hamano <gitster@pobox.com>
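The check the commit message above describes, as an added example that is not git's own shell.c code: a request of the form `service 'repo'` is split, dequoted, and refused when the repository argument starts with a dash, before anything is exec'd. The names `build_service_argv` and `dequote_simple` are hypothetical, and the dequoting is a simplification that accepts only a plain single-quoted argument.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: strip one layer of shell single quotes in place.
 * Simplification: accepts only the plain 'text' form, no embedded quotes. */
static char *dequote_simple(char *s)
{
    size_t n = strlen(s);
    if (n < 2 || s[0] != '\'' || s[n - 1] != '\'')
        return NULL;
    s[n - 1] = '\0';
    return strchr(s + 1, '\'') ? NULL : s + 1;
}

/* Split "service 'repo'" (modifying line) into an argv for exec.
 * Returns 0 on success, -1 if the service is not allowed or the repo
 * argument is malformed or would be parsed as an option. */
int build_service_argv(char *line, const char *argv[3])
{
    static const char *allowed[] = {
        "git-upload-pack", "git-receive-pack", "git-upload-archive"
    };
    char *sp = strchr(line, ' '), *repo;
    size_t i;
    if (!sp)
        return -1;
    *sp = '\0';
    for (i = 0; i < 3; i++)
        if (!strcmp(line, allowed[i]))
            break;
    if (i == 3)
        return -1;
    repo = dequote_simple(sp + 1);
    if (!repo || *repo == '-')   /* leading dash: reject instead of exec */
        return -1;
    argv[0] = allowed[i];
    argv[1] = repo;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample requests, in the form the client sends them. */
    char ok[] = "git-upload-pack 'foo.git'", bad[] = "git-upload-pack '--help'";
    const char *argv[3];
    printf("%d %d\n", build_service_argv(ok, argv), build_service_argv(bad, argv));
    return 0;
}
```

The same leading-dash test belongs in any admin-provided script under git-shell-commands that does not itself expect dashed arguments, since git-shell passes those arguments through unchanged.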
Name
Documentation
block-sha1
builtin
compat
contrib
ewah
git-gui
gitk-git
gitweb
mergetools
perl
po
ppc
t
templates
vcs-svn
xdiff
.gitattributes
.gitignore
.mailmap
COPYING
GIT-VERSION-GEN
INSTALL
LGPL-2.1
Makefile
README
RelNotes
abspath.c
aclocal.m4
advice.c
advice.h
alias.c
alloc.c
archive-tar.c
archive-zip.c
archive.c
archive.h
argv-array.c
argv-array.h
attr.c
attr.h
base85.c
bisect.c
bisect.h
blob.c
blob.h
branch.c
branch.h
builtin.h
bulk-checkin.c
bulk-checkin.h
bundle.c
bundle.h
cache-tree.c
cache-tree.h
cache.h
check-builtins.sh
check-racy.c
check_bindir
color.c
color.h
column.c
column.h
combine-diff.c
command-list.txt
commit-slab.h
commit.c
commit.h
config.c
config.mak.in
config.mak.uname
configure.ac
connect.c
connect.h
connected.c
connected.h
convert.c
convert.h
copy.c
credential-cache--daemon.c
credential-cache.c
credential-store.c
credential.c
credential.h
csum-file.c
csum-file.h
ctype.c
daemon.c
date.c
decorate.c
decorate.h
delta.h
diff-delta.c
diff-lib.c
diff-no-index.c
diff.c
diff.h
diffcore-break.c
diffcore-delta.c
diffcore-order.c
diffcore-pickaxe.c
diffcore-rename.c
diffcore.h
dir.c
dir.h
editor.c
entry.c
environment.c
exec_cmd.c
exec_cmd.h
fast-import.c
fetch-pack.c
fetch-pack.h
fmt-merge-msg.h
fsck.c
fsck.h
generate-cmdlist.sh
gettext.c
gettext.h
git-add--interactive.perl
git-am.sh
git-archimport.perl
git-bisect.sh
git-compat-util.h
git-cvsexportcommit.perl
git-cvsimport.perl
git-cvsserver.perl
git-difftool--helper.sh
git-difftool.perl
git-filter-branch.sh
git-instaweb.sh
git-merge-octopus.sh
git-merge-one-file.sh
git-merge-resolve.sh
git-mergetool--lib.sh
git-mergetool.sh
git-p4.py
git-parse-remote.sh
git-pull.sh
git-quiltimport.sh
git-rebase--am.sh
git-rebase--interactive.sh
git-rebase--merge.sh
git-rebase.sh
git-relink.perl
git-remote-testgit.sh
git-request-pull.sh
git-send-email.perl
git-sh-i18n.sh
git-sh-setup.sh
git-stash.sh
git-submodule.sh
git-svn.perl
git-web--browse.sh
git.c
git.rc
git.spec.in
gpg-interface.c
gpg-interface.h
graph.c
graph.h
grep.c
grep.h
hashmap.c
hashmap.h
help.c
help.h
hex.c
http-backend.c
http-fetch.c
http-push.c
http-walker.c
http.c
http.h
ident.c
imap-send.c
khash.h
kwset.c
kwset.h
levenshtein.c
levenshtein.h
line-log.c
line-log.h
line-range.c
line-range.h
list-objects.c
list-objects.h
ll-merge.c
ll-merge.h
lockfile.c
lockfile.h
log-tree.c
log-tree.h
mailmap.c
mailmap.h
match-trees.c
merge-blobs.c
merge-blobs.h
merge-recursive.c
merge-recursive.h
merge.c
mergesort.c
mergesort.h
name-hash.c
notes-cache.c
notes-cache.h
notes-merge.c
notes-merge.h
notes-utils.c
notes-utils.h
notes.c
notes.h
object.c
object.h
pack-bitmap-write.c
pack-bitmap.c
pack-bitmap.h
pack-check.c
pack-objects.c
pack-objects.h
pack-revindex.c
pack-revindex.h
pack-write.c
pack.h
pager.c
parse-options-cb.c
parse-options.c
parse-options.h
patch-delta.c
patch-ids.c
patch-ids.h
path.c
pathspec.c
pathspec.h
pkt-line.c
pkt-line.h
preload-index.c
pretty.c
prio-queue.c
prio-queue.h
progress.c
progress.h
prompt.c
prompt.h
quote.c
quote.h
reachable.c
reachable.h
read-cache.c
reflog-walk.c
reflog-walk.h
refs.c
refs.h
remote-curl.c
remote-testsvn.c
remote.c
remote.h
replace_object.c
rerere.c
rerere.h
resolve-undo.c
resolve-undo.h
revision.c
revision.h
run-command.c
run-command.h
send-pack.c
send-pack.h
sequencer.c
sequencer.h
server-info.c
setup.c
sh-i18n--envsubst.c
sha1-array.c
sha1-array.h
sha1-lookup.c
sha1-lookup.h
sha1_file.c
sha1_name.c
shallow.c
shell.c
shortlog.h
show-index.c
sideband.c
sideband.h
sigchain.c
sigchain.h
split-index.c
split-index.h
strbuf.c
strbuf.h
streaming.c
streaming.h
string-list.c
string-list.h
submodule.c
submodule.h
symlinks.c
tag.c
tag.h
tar.h
test-chmtime.c
test-config.c
test-ctype.c
test-date.c
test-delta.c
test-dump-cache-tree.c
test-dump-split-index.c
test-genrandom.c
test-hashmap.c
test-index-version.c
test-line-buffer.c
test-match-trees.c
test-mergesort.c
test-mktemp.c
test-parse-options.c
test-path-utils.c
test-prio-queue.c
test-read-cache.c
test-regex.c
test-revision-walking.c
test-run-command.c
test-scrap-cache-tree.c
test-sha1-array.c
test-sha1.c
test-sha1.sh
test-sigchain.c
test-string-list.c
test-subprocess.c
test-svn-fe.c
test-urlmatch-normalization.c
test-wildmatch.c
thread-utils.c
thread-utils.h
trace.c
trace.h
trailer.c
trailer.h
transport-helper.c
transport.c
transport.h
tree-diff.c
tree-walk.c
tree-walk.h
tree.c
tree.h
unicode_width.h
unimplemented.sh
unix-socket.c
unix-socket.h
unpack-trees.c
unpack-trees.h
update_unicode.sh
upload-pack.c
url.c
url.h
urlmatch.c
urlmatch.h
usage.c
userdiff.c
userdiff.h
utf8.c
utf8.h
varint.c
varint.h
version.c
version.h
versioncmp.c
walker.c
walker.h
wildmatch.c
wildmatch.h
wrap-for-bin.sh
wrapper.c
write_or_die.c
ws.c
wt-status.c
wt-status.h
xdiff-interface.c
xdiff-interface.h
zlib.c