Mercurial > hg
diff tests/test-pull.t @ 33644:943c91326b23 stable 4.2.3
ssh: unban the use of pipe character in user@host:port string
This vulnerability was fixed by the previous patch and there were more ways
to exploit than using '|shellcmd'. So it doesn't make sense to reject only
pipe character.
Test cases are updated to actually try to exploit the bug. As the SSH bridge
of git/svn subrepos are not managed by our code, the tests for non-hg subrepos
are just removed.
This may be folded into the original patches.
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Mon, 07 Aug 2017 22:22:28 +0900 |
| parents | 92b583e3e522 |
| children | eb586ed5d8ce |
line wrap: on
line diff
--- a/tests/test-pull.t Fri Aug 04 23:54:12 2017 -0700 +++ b/tests/test-pull.t Mon Aug 07 22:22:28 2017 +0900 @@ -107,6 +107,11 @@ SEC: check for unsafe ssh url + $ cat >> $HGRCPATH << EOF + > [ui] + > ssh = sh -c "read l; read l; read l" + > EOF + $ hg pull 'ssh://-oProxyCommand=touch${IFS}owned/path' pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' @@ -115,13 +120,15 @@ pulling from ssh://-oProxyCommand%3Dtouch%24%7BIFS%7Downed/path abort: potentially unsafe url: 'ssh://-oProxyCommand=touch${IFS}owned/path' [255] - $ hg pull 'ssh://fakehost|shellcommand/path' - pulling from ssh://fakehost%7Cshellcommand/path - abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' + $ hg pull 'ssh://fakehost|touch${IFS}owned/path' + pulling from ssh://fakehost%7Ctouch%24%7BIFS%7Downed/path + abort: no suitable response from remote hg! [255] - $ hg pull 'ssh://fakehost%7Cshellcommand/path' - pulling from ssh://fakehost%7Cshellcommand/path - abort: potentially unsafe url: 'ssh://fakehost|shellcommand/path' + $ hg pull 'ssh://fakehost%7Ctouch%20owned/path' + pulling from ssh://fakehost%7Ctouch%20owned/path + abort: no suitable response from remote hg! [255] + $ [ ! -f owned ] || echo 'you got owned' + $ cd ..