• Junio C Hamano's avatar
    connect: reject ssh hostname that begins with a dash · 820d7650
    Junio C Hamano authored
    When commands like "git fetch" talk with ssh://$rest_of_URL/, the
    code splits $rest_of_URL into components like host, port, etc., and
    then spawns the underlying "ssh" program by formulating argv[] array
    that has:
    
     - the path to ssh command taken from GIT_SSH_COMMAND, etc.
    
     - dashed options like '-batch' (for Tortoise), '-p <port>' as
       needed.
    
     - ssh_host, which is supposed to be the hostname parsed out of
       $rest_of_URL.
    
     - then the command to be run on the other side, e.g. git
       upload-pack.
    
    If the ssh_host ends up getting '-<anything>', the argv[] that is
    used to spawn the command becomes something like:
    
        { "ssh", "-p", "22", "-<anything>", "command", "to", "run", NULL }
    
    which obviously is bogus, but depending on the actual value of
    "<anything>", will make "ssh" parse and use it as an option.
    
    Prevent this by forbidding ssh_host that begins with a "-".
    
    Noticed-by: Joern Schneeweisz of Recurity Labs
    Reported-by: Brian at GitLab
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
    Reviewed-by: default avatarJeff King <peff@peff.net>
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
    820d7650
Name
Last commit
Last update
Documentation Loading commit data...
block-sha1 Loading commit data...
builtin Loading commit data...
compat Loading commit data...
contrib Loading commit data...
ewah Loading commit data...
git-gui Loading commit data...
gitk-git Loading commit data...
gitweb Loading commit data...
mergetools Loading commit data...
perl Loading commit data...
po Loading commit data...
ppc Loading commit data...
refs Loading commit data...
t Loading commit data...
templates Loading commit data...
vcs-svn Loading commit data...
xdiff Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
.travis.yml Loading commit data...
COPYING Loading commit data...
GIT-VERSION-GEN Loading commit data...
INSTALL Loading commit data...
LGPL-2.1 Loading commit data...
Makefile Loading commit data...
README Loading commit data...
RelNotes Loading commit data...
abspath.c Loading commit data...
aclocal.m4 Loading commit data...
advice.c Loading commit data...
advice.h Loading commit data...
alias.c Loading commit data...
alloc.c Loading commit data...
archive-tar.c Loading commit data...
archive-zip.c Loading commit data...
archive.c Loading commit data...
archive.h Loading commit data...
argv-array.c Loading commit data...
argv-array.h Loading commit data...
attr.c Loading commit data...
attr.h Loading commit data...
base85.c Loading commit data...
bisect.c Loading commit data...
bisect.h Loading commit data...
blob.c Loading commit data...
blob.h Loading commit data...
branch.c Loading commit data...
branch.h Loading commit data...
builtin.h Loading commit data...
bulk-checkin.c Loading commit data...
bulk-checkin.h Loading commit data...
bundle.c Loading commit data...
bundle.h Loading commit data...
cache-tree.c Loading commit data...
cache-tree.h Loading commit data...
cache.h Loading commit data...
check-builtins.sh Loading commit data...
check-racy.c Loading commit data...
check_bindir Loading commit data...
color.c Loading commit data...
color.h Loading commit data...
column.c Loading commit data...
column.h Loading commit data...
combine-diff.c Loading commit data...
command-list.txt Loading commit data...
commit-slab.h Loading commit data...
commit.c Loading commit data...
commit.h Loading commit data...
config.c Loading commit data...
config.mak.in Loading commit data...
config.mak.uname Loading commit data...
configure.ac Loading commit data...
connect.c Loading commit data...
connect.h Loading commit data...
connected.c Loading commit data...
connected.h Loading commit data...
convert.c Loading commit data...
convert.h Loading commit data...
copy.c Loading commit data...
credential-cache--daemon.c Loading commit data...
credential-cache.c Loading commit data...
credential-store.c Loading commit data...
credential.c Loading commit data...
credential.h Loading commit data...
csum-file.c Loading commit data...
csum-file.h Loading commit data...
ctype.c Loading commit data...
daemon.c Loading commit data...
date.c Loading commit data...
decorate.c Loading commit data...
decorate.h Loading commit data...
delta.h Loading commit data...
diff-delta.c Loading commit data...
diff-lib.c Loading commit data...
diff-no-index.c Loading commit data...
diff.c Loading commit data...
diff.h Loading commit data...
diffcore-break.c Loading commit data...
diffcore-delta.c Loading commit data...
diffcore-order.c Loading commit data...
diffcore-pickaxe.c Loading commit data...
diffcore-rename.c Loading commit data...
diffcore.h Loading commit data...
dir.c Loading commit data...
dir.h Loading commit data...
editor.c Loading commit data...
entry.c Loading commit data...
environment.c Loading commit data...
exec_cmd.c Loading commit data...
exec_cmd.h Loading commit data...
fast-import.c Loading commit data...
fetch-pack.c Loading commit data...
fetch-pack.h Loading commit data...
fmt-merge-msg.h Loading commit data...
fsck.c Loading commit data...
fsck.h Loading commit data...
generate-cmdlist.sh Loading commit data...
gettext.c Loading commit data...
gettext.h Loading commit data...
git-add--interactive.perl Loading commit data...
git-archimport.perl Loading commit data...
git-bisect.sh Loading commit data...
git-compat-util.h Loading commit data...
git-cvsexportcommit.perl Loading commit data...
git-cvsimport.perl Loading commit data...
git-cvsserver.perl Loading commit data...
git-difftool--helper.sh Loading commit data...
git-difftool.perl Loading commit data...
git-filter-branch.sh Loading commit data...
git-instaweb.sh Loading commit data...
git-merge-octopus.sh Loading commit data...
git-merge-one-file.sh Loading commit data...
git-merge-resolve.sh Loading commit data...
git-mergetool--lib.sh Loading commit data...
git-mergetool.sh Loading commit data...
git-p4.py Loading commit data...
git-parse-remote.sh Loading commit data...
git-quiltimport.sh Loading commit data...
git-rebase--am.sh Loading commit data...
git-rebase--interactive.sh Loading commit data...
git-rebase--merge.sh Loading commit data...
git-rebase.sh Loading commit data...
git-relink.perl Loading commit data...
git-remote-testgit.sh Loading commit data...
git-request-pull.sh Loading commit data...
git-send-email.perl Loading commit data...
git-sh-i18n.sh Loading commit data...
git-sh-setup.sh Loading commit data...
git-stash.sh Loading commit data...
git-submodule.sh Loading commit data...
git-svn.perl Loading commit data...
git-web--browse.sh Loading commit data...
git.c Loading commit data...
git.rc Loading commit data...
git.spec.in Loading commit data...
gpg-interface.c Loading commit data...
gpg-interface.h Loading commit data...
graph.c Loading commit data...
graph.h Loading commit data...
grep.c Loading commit data...
grep.h Loading commit data...
hashmap.c Loading commit data...
hashmap.h Loading commit data...
help.c Loading commit data...
help.h Loading commit data...
hex.c Loading commit data...
http-backend.c Loading commit data...
http-fetch.c Loading commit data...
http-push.c Loading commit data...
http-walker.c Loading commit data...
http.c Loading commit data...
http.h Loading commit data...
ident.c Loading commit data...
imap-send.c Loading commit data...
khash.h Loading commit data...
kwset.c Loading commit data...
kwset.h Loading commit data...
levenshtein.c Loading commit data...
levenshtein.h Loading commit data...
line-log.c Loading commit data...
line-log.h Loading commit data...
line-range.c Loading commit data...
line-range.h Loading commit data...
list-objects.c Loading commit data...
list-objects.h Loading commit data...
ll-merge.c Loading commit data...
ll-merge.h Loading commit data...
lockfile.c Loading commit data...
lockfile.h Loading commit data...
log-tree.c Loading commit data...
log-tree.h Loading commit data...
mailinfo.c Loading commit data...
mailinfo.h Loading commit data...
mailmap.c Loading commit data...
mailmap.h Loading commit data...
match-trees.c Loading commit data...
merge-blobs.c Loading commit data...
merge-blobs.h Loading commit data...
merge-recursive.c Loading commit data...
merge-recursive.h Loading commit data...
merge.c Loading commit data...
mergesort.c Loading commit data...
mergesort.h Loading commit data...
name-hash.c Loading commit data...
notes-cache.c Loading commit data...
notes-cache.h Loading commit data...
notes-merge.c Loading commit data...
notes-merge.h Loading commit data...
notes-utils.c Loading commit data...
notes-utils.h Loading commit data...
notes.c Loading commit data...
notes.h Loading commit data...
object.c Loading commit data...
object.h Loading commit data...
pack-bitmap-write.c Loading commit data...
pack-bitmap.c Loading commit data...
pack-bitmap.h Loading commit data...
pack-check.c Loading commit data...
pack-objects.c Loading commit data...
pack-objects.h Loading commit data...
pack-revindex.c Loading commit data...
pack-revindex.h Loading commit data...
pack-write.c Loading commit data...
pack.h Loading commit data...
pager.c Loading commit data...
parse-options-cb.c Loading commit data...
parse-options.c Loading commit data...
parse-options.h Loading commit data...
patch-delta.c Loading commit data...
patch-ids.c Loading commit data...
patch-ids.h Loading commit data...
path.c Loading commit data...
pathspec.c Loading commit data...
pathspec.h Loading commit data...
pkt-line.c Loading commit data...
pkt-line.h Loading commit data...
preload-index.c Loading commit data...
pretty.c Loading commit data...
prio-queue.c Loading commit data...
prio-queue.h Loading commit data...
progress.c Loading commit data...
progress.h Loading commit data...
prompt.c Loading commit data...
prompt.h Loading commit data...
quote.c Loading commit data...
quote.h Loading commit data...
reachable.c Loading commit data...
reachable.h Loading commit data...
read-cache.c Loading commit data...
ref-filter.c Loading commit data...
ref-filter.h Loading commit data...
reflog-walk.c Loading commit data...
reflog-walk.h Loading commit data...
refs.c Loading commit data...
refs.h Loading commit data...
remote-curl.c Loading commit data...
remote-testsvn.c Loading commit data...
remote.c Loading commit data...
remote.h Loading commit data...
replace_object.c Loading commit data...
rerere.c Loading commit data...
rerere.h Loading commit data...
resolve-undo.c Loading commit data...
resolve-undo.h Loading commit data...
revision.c Loading commit data...
revision.h Loading commit data...
run-command.c Loading commit data...
run-command.h Loading commit data...
send-pack.c Loading commit data...
send-pack.h Loading commit data...
sequencer.c Loading commit data...
sequencer.h Loading commit data...
server-info.c Loading commit data...
setup.c Loading commit data...
sh-i18n--envsubst.c Loading commit data...
sha1-array.c Loading commit data...
sha1-array.h Loading commit data...
sha1-lookup.c Loading commit data...
sha1-lookup.h Loading commit data...
sha1_file.c Loading commit data...
sha1_name.c Loading commit data...
shallow.c Loading commit data...
shell.c Loading commit data...
shortlog.h Loading commit data...
show-index.c Loading commit data...
sideband.c Loading commit data...
sideband.h Loading commit data...
sigchain.c Loading commit data...
sigchain.h Loading commit data...
split-index.c Loading commit data...
split-index.h Loading commit data...
strbuf.c Loading commit data...
strbuf.h Loading commit data...
streaming.c Loading commit data...
streaming.h Loading commit data...
string-list.c Loading commit data...
string-list.h Loading commit data...
submodule-config.c Loading commit data...
submodule-config.h Loading commit data...
submodule.c Loading commit data...
submodule.h Loading commit data...
symlinks.c Loading commit data...
tag.c Loading commit data...
tag.h Loading commit data...
tar.h Loading commit data...
tempfile.c Loading commit data...
tempfile.h Loading commit data...
test-chmtime.c Loading commit data...
test-config.c Loading commit data...
test-ctype.c Loading commit data...
test-date.c Loading commit data...
test-delta.c Loading commit data...
test-dump-cache-tree.c Loading commit data...
test-dump-split-index.c Loading commit data...
test-dump-untracked-cache.c Loading commit data...
test-genrandom.c Loading commit data...
test-hashmap.c Loading commit data...
test-index-version.c Loading commit data...
test-line-buffer.c Loading commit data...
test-match-trees.c Loading commit data...
test-mergesort.c Loading commit data...
test-mktemp.c Loading commit data...
test-parse-options.c Loading commit data...
test-path-utils.c Loading commit data...
test-prio-queue.c Loading commit data...
test-read-cache.c Loading commit data...
test-regex.c Loading commit data...
test-revision-walking.c Loading commit data...
test-run-command.c Loading commit data...
test-scrap-cache-tree.c Loading commit data...
test-sha1-array.c Loading commit data...
test-sha1.c Loading commit data...
test-sha1.sh Loading commit data...
test-sigchain.c Loading commit data...
test-string-list.c Loading commit data...
test-submodule-config.c Loading commit data...
test-subprocess.c Loading commit data...
test-svn-fe.c Loading commit data...
test-urlmatch-normalization.c Loading commit data...
test-wildmatch.c Loading commit data...
thread-utils.c Loading commit data...
thread-utils.h Loading commit data...
trace.c Loading commit data...
trace.h Loading commit data...
trailer.c Loading commit data...
trailer.h Loading commit data...
transport-helper.c Loading commit data...
transport.c Loading commit data...
transport.h Loading commit data...
tree-diff.c Loading commit data...
tree-walk.c Loading commit data...
tree-walk.h Loading commit data...
tree.c Loading commit data...
tree.h Loading commit data...
unicode_width.h Loading commit data...
unimplemented.sh Loading commit data...
unix-socket.c Loading commit data...
unix-socket.h Loading commit data...
unpack-trees.c Loading commit data...
unpack-trees.h Loading commit data...
update_unicode.sh Loading commit data...
upload-pack.c Loading commit data...
url.c Loading commit data...
url.h Loading commit data...
urlmatch.c Loading commit data...
urlmatch.h Loading commit data...
usage.c Loading commit data...
userdiff.c Loading commit data...
userdiff.h Loading commit data...
utf8.c Loading commit data...
utf8.h Loading commit data...
varint.c Loading commit data...
varint.h Loading commit data...
version.c Loading commit data...
version.h Loading commit data...
versioncmp.c Loading commit data...
walker.c Loading commit data...
walker.h Loading commit data...
wildmatch.c Loading commit data...
wildmatch.h Loading commit data...
worktree.c Loading commit data...
worktree.h Loading commit data...
wrap-for-bin.sh Loading commit data...
wrapper.c Loading commit data...
write_or_die.c Loading commit data...
ws.c Loading commit data...
wt-status.c Loading commit data...
wt-status.h Loading commit data...
xdiff-interface.c Loading commit data...
xdiff-interface.h Loading commit data...
zlib.c Loading commit data...