Mercurial > hg
comparison tests/test-convert-git.t @ 29051:a56296f55a5e stable 3.8.1
convert: pass absolute paths to git (SEC)
Fixes CVE-2016-3105 (1/1).
Previously, it was possible for the repository path passed to git-ls-remote
to be misinterpreted as a URL.
Always passing an absolute path to git is a simple way to avoid this.
| author | Blake Burkhart <bburky@bburky.com> |
|---|---|
| date | Wed, 06 Apr 2016 22:57:46 -0500 |
| parents | 4a359b8f8fae |
| children | ea3540e66fd8 |
comparison
equal
deleted
inserted
replaced
| 29050:27ad6cae7785 | 29051:a56296f55a5e |
|---|---|
| 712 | 712 |
| 713 damage git repository by renaming a commit object | 713 damage git repository by renaming a commit object |
| 714 $ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd | 714 $ COMMIT_OBJ=1c/0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd |
| 715 $ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp | 715 $ mv git-repo4/.git/objects/$COMMIT_OBJ git-repo4/.git/objects/$COMMIT_OBJ.tmp |
| 716 $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' | 716 $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' |
| 717 abort: cannot retrieve number of commits in git-repo4/.git | 717 abort: cannot retrieve number of commits in $TESTTMP/git-repo4/.git |
| 718 $ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ | 718 $ mv git-repo4/.git/objects/$COMMIT_OBJ.tmp git-repo4/.git/objects/$COMMIT_OBJ |
| 719 damage git repository by renaming a blob object | 719 damage git repository by renaming a blob object |
| 720 | 720 |
| 721 $ BLOB_OBJ=8b/137891791fe96927ad78e64b0aad7bded08bdc | 721 $ BLOB_OBJ=8b/137891791fe96927ad78e64b0aad7bded08bdc |
| 722 $ mv git-repo4/.git/objects/$BLOB_OBJ git-repo4/.git/objects/$BLOB_OBJ.tmp | 722 $ mv git-repo4/.git/objects/$BLOB_OBJ git-repo4/.git/objects/$BLOB_OBJ.tmp |
| 747 0 empty | 747 0 empty |
| 748 updating bookmarks | 748 updating bookmarks |
| 749 $ test -f COMMAND-INJECTION | 749 $ test -f COMMAND-INJECTION |
| 750 [1] | 750 [1] |
| 751 | 751 |
| 752 test for safely passing paths to git (CVE-2016-3105) | |
| 753 | |
| 754 $ git init 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' | |
| 755 Initialized empty Git repository in $TESTTMP/ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #/.git/ | |
| 756 $ cd 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' | |
| 757 $ git commit -q --allow-empty -m 'empty' | |
| 758 $ cd .. | |
| 759 $ hg convert 'ext::sh -c echo% pwned% >GIT-EXT-COMMAND-INJECTION% #' 'converted-git-ext' | |
| 760 initializing destination converted-git-ext repository | |
| 761 scanning source... | |
| 762 sorting... | |
| 763 converting... | |
| 764 0 empty | |
| 765 updating bookmarks | |
| 766 $ test -f GIT-EXT-COMMAND-INJECTION | |
| 767 [1] | |
| 768 | |
| 752 #endif | 769 #endif |
| 753 | 770 |