summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <junkio@cox.net>2005-07-08 07:02:52 (GMT)
committerLinus Torvalds <torvalds@g5.osdl.org>2005-07-08 18:01:10 (GMT)
commitb10d0ec7321a6bd6cc1a62f44fee305a0d184dca (patch)
tree35c8f091000fc8ff32e60d6a530d8d650c874c66
parent6fb737be5e4803feabe0d1b6169de36131936368 (diff)
downloadgit-b10d0ec7321a6bd6cc1a62f44fee305a0d184dca.zip
git-b10d0ec7321a6bd6cc1a62f44fee305a0d184dca.tar.gz
git-b10d0ec7321a6bd6cc1a62f44fee305a0d184dca.tar.bz2
[PATCH] Use sq_quote() to properly quote the parameter to call shell.
This tries to be more lenient to the users and stricter to the attackers by quoting the input properly for shell safety, instead of forbidding certain characters from the input. Things to note: - We do not quote "prog" parameter (which comes from --exec). The user should know what he is doing. --exec='echo foo' will supply the first two parameters to the resulting command, while --exec="'echo foo'" will give the first parameter, a single string with a space inside. - We do not care too much about leaking the sq_quote() output just before running exec(). Signed-off-by: Junio C Hamano <junkio@cox.net> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--connect.c33
1 files changed, 3 insertions, 30 deletions
diff --git a/connect.c b/connect.c
index 3d4b31d..b508be3 100644
--- a/connect.c
+++ b/connect.c
@@ -1,5 +1,6 @@
#include "cache.h"
#include "pkt-line.h"
+#include "quote.h"
#include <sys/wait.h>
int get_ack(int fd, unsigned char *result_sha1)
@@ -42,34 +43,6 @@ int path_match(const char *path, int nr, char **match)
}
/*
- * First, make it shell-safe. We do this by just disallowing any
- * special characters. Somebody who cares can do escaping and let
- * through the rest. But since we're doing to feed this to ssh as
- * a command line, we're going to be pretty damn anal for now.
- */
-static char *shell_safe(char *url)
-{
- char *n = url;
- unsigned char c;
- static const char flags[256] = {
- ['0'...'9'] = 1,
- ['a'...'z'] = 1,
- ['A'...'Z'] = 1,
- ['.'] = 1, ['/'] = 1,
- ['-'] = 1, ['+'] = 1,
- [':'] = 1, ['_'] = 1,
- ['@'] = 1, [','] = 1,
- ['~'] = 1, ['^'] = 1,
- };
-
- while ((c = *n++) != 0) {
- if (flags[c] != 1)
- die("I don't like '%c'. Sue me.", c);
- }
- return url;
-}
-
-/*
* Yeah, yeah, fixme. Need to pass in the heads etc.
*/
int git_connect(int fd[2], char *url, const char *prog)
@@ -80,7 +53,6 @@ int git_connect(int fd[2], char *url, const char *prog)
int pipefd[2][2];
pid_t pid;
- url = shell_safe(url);
host = NULL;
path = url;
colon = strchr(url, ':');
@@ -89,11 +61,12 @@ int git_connect(int fd[2], char *url, const char *prog)
host = url;
path = colon+1;
}
- snprintf(command, sizeof(command), "%s %s", prog, path);
if (pipe(pipefd[0]) < 0 || pipe(pipefd[1]) < 0)
die("unable to create pipe pair for communication");
pid = fork();
if (!pid) {
+ snprintf(command, sizeof(command), "%s %s", prog,
+ sq_quote(path));
dup2(pipefd[1][0], 0);
dup2(pipefd[0][1], 1);
close(pipefd[0][0]);