Home Explore Help
Sign In
CityApper
/
dulwich
mirror of https://github.com/jelmer/dulwich
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Prevent setting SSH arguments in SSH URLs when using subprocess SSH client.

Jelmer Vernooij 7 years ago
parent
fe7b856ee4
commit
7116a0cbbd
3 changed files with 23 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      NEWS
  2. 9 0
      dulwich/client.py
  3. 10 0
      dulwich/tests/test_client.py

+ 4 - 0
NEWS
View File 

@@ -7,6 +7,10 @@
 
   * Fix setting of origin in config when non-standard origin is passed into
 
     ``Repo.clone``. (Kenneth Lareau, #565)
 
 
+  * Prevent setting SSH arguments from SSH URLs when using SSH through a
 
+    subprocess. Note that Dulwich doesn't support cloning submodules.
 
+    (CVE 2017-1000117) (Jelmer Vernooij)
 
+
 
  IMPROVEMENTS
 
 
   * Silently ignored directories in ``Repo.stage``.

+ 9 - 0
dulwich/client.py
View File 

@@ -1080,6 +1080,13 @@ class SSHVendor(object):
 
         raise NotImplementedError(self.run_command)
 
 
 
+class StrangeHostname(Exception):
 
+    """Refusing to connect to strange SSH hostname."""
 
+
 
+    def __init__(self, hostname):
 
+        super(StrangeHostname, self).__init__(hostname)
 
+
 
+
 
 class SubprocessSSHVendor(SSHVendor):
 
     """SSH vendor that shells out to the local 'ssh' command."""
 
 
@@ -1090,6 +1097,8 @@ class SubprocessSSHVendor(SSHVendor):
 
             args.extend(['-p', str(port)])
 
         if username is not None:
 
             host = '%s@%s' % (username, host)
 
+        if host.startswith('-'):
 
+            raise StrangeHostname(hostname=host)
 
         args.append(host)
 
         proc = subprocess.Popen(args + [command], bufsize=0,
 
                                 stdin=subprocess.PIPE,

+ 10 - 0
dulwich/tests/test_client.py
View File 

@@ -50,6 +50,8 @@ from dulwich.client import (
 
     HttpGitClient,
 
     ReportStatusParser,
 
     SendPackError,
 
+    StrangeHostname,
 
+    SubprocessSSHVendor,
 
     UpdateRefsError,
 
     default_urllib2_opener,
 
     get_transport_and_path,
 
@@ -942,3 +944,11 @@ class DefaultUrllib2OpenerTest(TestCase):
 
         opener = default_urllib2_opener(config=config)
 
         self.assertIn(urllib2.ProxyHandler,
 
                       list(map(lambda x: x.__class__, opener.handlers)))
 
+
 
+
 
+class SubprocessSSHVendorTests(TestCase):
 
+
 
+    def test_run_command_dashes(self):
 
+        vendor = SubprocessSSHVendor()
 
+        self.assertRaises(StrangeHostname, vendor.run_command, '--weird-host',
 
+                          'git-clone-url')