[Python-modules-commits] [dulwich] 14/19: Prevent setting SSH arguments in SSH URLs when using subprocess SSH client.
Jelmer Vernooij
jelmer at moszumanska.debian.org
Sun Oct 29 17:22:28 UTC 2017
This is an automated email from the git hooks/post-receive script.
jelmer pushed a commit to branch master
in repository dulwich.
commit 7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6
Author: Jelmer Vernooij <jelmer at debian.org>
Date: Sun Oct 29 16:25:53 2017 +0000
Prevent setting SSH arguments in SSH URLs when using subprocess SSH client.
---
NEWS | 4 ++++
dulwich/client.py | 9 +++++++++
dulwich/tests/test_client.py | 10 ++++++++++
3 files changed, 23 insertions(+)
diff --git a/NEWS b/NEWS
index 53715aa..de356d9 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@
* Fix setting of origin in config when non-standard origin is passed into
``Repo.clone``. (Kenneth Lareau, #565)
+ * Prevent setting SSH arguments from SSH URLs when using SSH through a
+ subprocess. Note that Dulwich doesn't support cloning submodules.
+ (CVE 2017-1000117) (Jelmer Vernooij)
+
IMPROVEMENTS
* Silently ignored directories in ``Repo.stage``.
diff --git a/dulwich/client.py b/dulwich/client.py
index 4a41589..185a9a6 100644
--- a/dulwich/client.py
+++ b/dulwich/client.py
@@ -1080,6 +1080,13 @@ class SSHVendor(object):
raise NotImplementedError(self.run_command)
+class StrangeHostname(Exception):
+ """Refusing to connect to strange SSH hostname."""
+
+ def __init__(self, hostname):
+ super(StrangeHostname, self).__init__(hostname)
+
+
class SubprocessSSHVendor(SSHVendor):
"""SSH vendor that shells out to the local 'ssh' command."""
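Review bot: The docstring of the new `StrangeHostname` exception does not say what makes a hostname "strange", which is the one thing a caller catching it needs to know; something like `"""Raised when an SSH hostname begins with '-' and could be read by ssh as an option."""` would document the contract. The `__init__` override only forwards `hostname` to `Exception.__init__`, which the default already does, so it can be dropped or its purpose noted in a comment. The hunk ends inside the `SubprocessSSHVendor` class body, which continues outside it.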
@@ -1090,6 +1097,8 @@ class SubprocessSSHVendor(SSHVendor):
args.extend(['-p', str(port)])
if username is not None:
host = '%s@%s' % (username, host)
+ if host.startswith('-'):
+ raise StrangeHostname(hostname=host)
args.append(host)
proc = subprocess.Popen(args + [command], bufsize=0,
stdin=subprocess.PIPE,
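Review bot: The new `host.startswith('-')` check runs after the username has been prefixed, so on the `username is not None` path it tests `'user@-host'` rather than the raw hostname and cannot fire; that path is not exploitable as far as the hunk shows, since the combined string no longer begins with `-`, but the intent is clearer and the exception carries the raw value if the guard is placed directly above `if username is not None:`. A why-comment would help the next reader, e.g. `# A leading '-' would let ssh parse the hostname as an option (CVE 2017-1000117).` `run_command` starts and ends outside this hunk, so whether `port` and `username` are validated on entry cannot be seen here.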
diff --git a/dulwich/tests/test_client.py b/dulwich/tests/test_client.py
index ea4d4d3..7cd8f38 100644
--- a/dulwich/tests/test_client.py
+++ b/dulwich/tests/test_client.py
@@ -50,6 +50,8 @@ from dulwich.client import (
HttpGitClient,
ReportStatusParser,
SendPackError,
+ StrangeHostname,
+ SubprocessSSHVendor,
UpdateRefsError,
default_urllib2_opener,
get_transport_and_path,
@@ -942,3 +944,11 @@ class DefaultUrllib2OpenerTest(TestCase):
opener = default_urllib2_opener(config=config)
self.assertIn(urllib2.ProxyHandler,
list(map(lambda x: x.__class__, opener.handlers)))
+
+
+class SubprocessSSHVendorTests(TestCase):
+
+ def test_run_command_dashes(self):
+ vendor = SubprocessSSHVendor()
+ self.assertRaises(StrangeHostname, vendor.run_command, '--weird-host',
+ 'git-clone-url')