patchbomb: protect email addresses from shell
When patchbomb sends email via a sendmail-like program it invokes this
using procutil.popen which passes the string to a shell to be parsed.
To protect any special characters in the email addresses on the
command line from being interpreted by the shell they must be
quoted.
--- a/mercurial/mail.py Sun Sep 29 11:29:25 2019 -0700
+++ b/mercurial/mail.py Mon Sep 30 00:01:58 2019 +0200
@@ -152,7 +152,8 @@
def _sendmail(ui, sender, recipients, msg):
'''send mail using sendmail.'''
program = ui.config('email', 'method')
- stremail = lambda x: stringutil.email(encoding.strtolocal(x))
+ stremail = lambda x: (
+ procutil.quote(stringutil.email(encoding.strtolocal(x))))
cmdline = '%s -f %s %s' % (program, stremail(sender),
' '.join(map(stremail, recipients)))
ui.note(_('sending mail: %s\n') % cmdline)
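Review bot: Quoting in `stremail` stops the shell from interpreting an address, but a recipient that begins with `-` would still reach the sendmail-like program as an option rather than an address; nothing visible in this hunk rejects one. If the configured programs accept the conventional end-of-options marker, `cmdline = '%s -f %s -- %s' % (...)` would close that gap; otherwise refuse such addresses before `cmdline` is built. A comment above the lambda such as `# cmdline is parsed by a shell via procutil.popen, so every address must be quoted` would keep a later edit from dropping the quote. `_sendmail` continues past the end of this hunk.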
--- a/mercurial/pycompat.py Sun Sep 29 11:29:25 2019 -0700
+++ b/mercurial/pycompat.py Mon Sep 30 00:01:58 2019 +0200
@@ -328,8 +328,11 @@
ret = shlex.split(s.decode('latin-1'), comments, posix)
return [a.encode('latin-1') for a in ret]
+ shlexquote = shlex.quote
+
else:
import cStringIO
+ import pipes
xrange = xrange
unicode = unicode
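Review bot: `shlexquote = shlex.quote` on the Python 3 branch is bound without the latin-1 round trip that the `shlexsplit` wrapper directly above it uses, so it probably only works on `str`. If callers pass bytes, as that wrapper suggests and as the `_sendmail` change appears to, `shlex.quote` raises `TypeError` instead of quoting. Mirroring the sibling keeps the two helpers consistent: `def shlexquote(s): return shlex.quote(s.decode('latin-1')).encode('latin-1')`. The Python 2 binding `shlexquote = pipes.quote` in the next hunk takes byte strings already and needs no change.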
@@ -393,6 +396,7 @@
sysplatform = sys.platform
sysexecutable = sys.executable
shlexsplit = shlex.split
+ shlexquote = pipes.quote
bytesio = cStringIO.StringIO
stringio = bytesio
maplist = map
--- a/mercurial/utils/procutil.py Sun Sep 29 11:29:25 2019 -0700
+++ b/mercurial/utils/procutil.py Mon Sep 30 00:01:58 2019 +0200
@@ -70,6 +70,7 @@
spawndetached = platform.spawndetached
sshargs = platform.sshargs
testpid = platform.testpid
+quote = pycompat.shlexquote
try:
setprocname = osutil.setprocname
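Review bot: `quote = pycompat.shlexquote` gives every platform POSIX `sh` quoting, whereas the names around it (`spawndetached`, `sshargs`, `testpid`) are all taken from `platform`. Single-quote wrapping is not understood by the Windows command interpreter, so addresses passed through `procutil.popen` there would be handed to the program with literal quotes and without protection. If the platform module already offers a shell quoter, binding `quote` to it would be safer. Otherwise add a comment here such as `# POSIX sh quoting only; not safe for cmd.exe`.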
--- a/tests/test-patchbomb.t Sun Sep 29 11:29:25 2019 -0700
+++ b/tests/test-patchbomb.t Mon Sep 30 00:01:58 2019 +0200
@@ -3035,6 +3035,47 @@
sending [PATCH] test ...
sending mail: $TESTTMP/t2/pretendmail.sh -f test foo
+Shell characters in addresses
+
+ $ hg email --date '1980-1-1 0:1' -v -t '~foo/bar@example.com' -f 'me*@example.com' -r '10'
+ this patch series consists of 1 patches.
+
+ warning: invalid patchbomb.intro value "mpmwearaclownnose"
+ (should be one of always, never, auto)
+ -f me*@example.com ~foo/bar@example.com
+ MIME-Version: 1.0
+ Content-Type: text/plain; charset="us-ascii"
+ Content-Transfer-Encoding: 7bit
+ Subject: [PATCH] dd
+ X-Mercurial-Node: 3b6f1ec9dde933a40a115a7990f8b320477231af
+ X-Mercurial-Series-Index: 1
+ X-Mercurial-Series-Total: 1
+ Message-Id: <3b6f1ec9dde933a40a11.315532860@test-hostname>
+ X-Mercurial-Series-Id: <3b6f1ec9dde933a40a11.315532860@test-hostname>
+ User-Agent: Mercurial-patchbomb/* (glob)
+ Date: Tue, 01 Jan 1980 00:01:00 +0000
+ From: me*@example.com
+ To: ~foo/bar@example.com
+
+ # HG changeset patch
+ # User test
+ # Date 5 0
+ # Thu Jan 01 00:00:05 1970 +0000
+ # Branch test
+ # Node ID 3b6f1ec9dde933a40a115a7990f8b320477231af
+ # Parent 2f9fa9b998c5fe3ac2bd9a2b14bfcbeecbc7c268
+ dd
+
+ diff -r 2f9fa9b998c5 -r 3b6f1ec9dde9 d
+ --- a/d Thu Jan 01 00:00:04 1970 +0000
+ +++ b/d Thu Jan 01 00:00:05 1970 +0000
+ @@ -1,1 +1,2 @@
+ d
+ +d
+
+ sending [PATCH] dd ...
+ sending mail: $TESTTMP/t2/pretendmail.sh -f 'me*@example.com' '~foo/bar@example.com'
+
Test pull url header
=================================
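Review bot: The new case pins only glob (`*`) and tilde expansion, which leaves the harder quoting paths untested. An address containing a single quote would check that the quoter escapes its own delimiter, and one containing whitespace would check that it stays a single argument. The expected `sending mail:` line should show each as one quoted word. Whether the address parser accepts such input at all is not visible from this hunk, so the case may instead need to assert a clean rejection.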