util: add utility method to check for bad ssh urls (SEC)
Our use of SSH has an exploit that will parse the first part of an url
blindly as a hostname. Prior to this set of security patches, a url
with '-oProxyCommand' could run arbitrary code on a user's machine. In
addition, at least on Windows, a pipe '|' can be abused to execute
arbitrary commands in a similar fashion.
We defend against this by checking ssh:// URLs and looking for a
hostname that starts with a - or contains a |.
When this happens, let's throw a big abort into the user's face so
that they can inspect what's going on.
from __future__ import absolute_import
import cffi
import os
ffi = cffi.FFI()
ffi.set_source("_bdiff_cffi",
open(os.path.join(os.path.join(os.path.dirname(__file__), '..'),
'bdiff.c')).read(), include_dirs=['mercurial'])
ffi.cdef("""
struct bdiff_line {
int hash, n, e;
ssize_t len;
const char *l;
};
struct bdiff_hunk;
struct bdiff_hunk {
int a1, a2, b1, b2;
struct bdiff_hunk *next;
};
int bdiff_splitlines(const char *a, ssize_t len, struct bdiff_line **lr);
int bdiff_diff(struct bdiff_line *a, int an, struct bdiff_line *b, int bn,
struct bdiff_hunk *base);
void bdiff_freehunks(struct bdiff_hunk *l);
void free(void*);
""")
if __name__ == '__main__':
ffi.compile()