Mercurial > hg-stable
view tests/test-revlog.t @ 33654:475af2f89636 stable
subrepo: add tests for hg rogue ssh urls (SEC)
'ssh://' has an exploit that will pass the url blindly to the ssh
command, allowing a malicious person to have a subrepo with
'-oProxyCommand' which could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' is able to execute arbitrary
commands.
When this happens, let's throw a big abort into the user's face so that
they can inspect what's going on.
| author | Sean Farley <sean@farley.io> |
|---|---|
| date | Mon, 31 Jul 2017 16:04:44 -0700 |
| parents | 36d3559c69a6 |
| children | 71d1bbf1617e |
line wrap: on
line source
$ hg init empty-repo $ cd empty-repo Flags on revlog version 0 are rejected >>> with open('.hg/store/00changelog.i', 'wb') as fh: ... fh.write('\x00\x01\x00\x00') $ hg log abort: unknown flags (0x01) in version 0 revlog 00changelog.i! [255] Unknown flags on revlog version 1 are rejected >>> with open('.hg/store/00changelog.i', 'wb') as fh: ... fh.write('\x00\x04\x00\x01') $ hg log abort: unknown flags (0x04) in version 1 revlog 00changelog.i! [255] Unknown version is rejected >>> with open('.hg/store/00changelog.i', 'wb') as fh: ... fh.write('\x00\x00\x00\x02') $ hg log abort: unknown version (2) in revlog 00changelog.i! [255] $ cd .. Test for CVE-2016-3630 $ hg init >>> open("a.i", "w").write( ... """eJxjYGZgZIAAYQYGxhgom+k/FMx8YKx9ZUaKSOyqo4cnuKb8mbqHV5cBCVTMWb1Cwqkhe4Gsg9AD ... Joa3dYtcYYYBAQ8Qr4OqZAYRICPTSr5WKd/42rV36d+8/VmrNpv7NP1jQAXrQE4BqQUARngwVA==""" ... .decode("base64").decode("zlib")) $ hg debugindex a.i rev offset length delta linkrev nodeid p1 p2 0 0 19 -1 2 99e0332bd498 000000000000 000000000000 1 19 12 0 3 6674f57a23d8 99e0332bd498 000000000000 $ hg debugdata a.i 1 2>&1 | egrep 'Error:.*decoded' (mercurial\.\w+\.mpatch\.)?mpatchError: patch cannot be decoded (re)