ssh: ban any username@host or host that starts with - (SEC) stable
author Augie Fackler <augie@google.com>
Fri, 04 Aug 2017 14:00:03 -0400
branch stable
changeset 39154 e10745311406a9c6d2938583028ee2aaf74dd2bd
parent 39153 53224b1ffbc2438941e8e50375f532f2603c8f0f
child 39155 f93975a5ebe8e0e96c8c1220ee6cb2a0e49cc9b9
push id 560
push user gszorc@mozilla.com
push date Fri, 11 Aug 2017 05:35:26 +0000
ssh: ban any username@host or host that starts with - (SEC) This paranoia probably isn't required, but it can't hurt either.
mercurial/posix.py
mercurial/windows.py
--- a/mercurial/posix.py
+++ b/mercurial/posix.py
@@ -18,16 +18,17 @@ import select
 import stat
 import sys
 import tempfile
 import unicodedata
 
 from .i18n import _
 from . import (
     encoding,
+    error,
     pycompat,
 )
 
 posixfile = open
 normpath = os.path.normpath
 samestat = os.path.samestat
 try:
     oslink = os.link
@@ -86,16 +87,19 @@ def parsepatchoutput(output_line):
     else:
         if pf.startswith("'") and pf.endswith("'") and " " in pf:
             pf = pf[1:-1] # Remove the quotes
     return pf
 
 def sshargs(sshcmd, host, user, port):
     '''Build argument list for ssh'''
     args = user and ("%s@%s" % (user, host)) or host
+    if '-' in args[:2]:
+        raise error.Abort(
+            _('illegal ssh hostname or username starting with -: %s') % args)
     return port and ("%s -p %s" % (args, port)) or args
 
 def isexec(f):
     """check whether a file is executable"""
     return (os.lstat(f).st_mode & 0o100 != 0)
 
 def setflags(f, l, x):
     s = os.lstat(f).st_mode
--- a/mercurial/windows.py
+++ b/mercurial/windows.py
@@ -12,16 +12,17 @@ import msvcrt
 import os
 import re
 import stat
 import sys
 
 from .i18n import _
 from . import (
     encoding,
+    error,
     osutil,
     pycompat,
     win32,
 )
 
 try:
     import _winreg as winreg
     winreg.CloseKey
@@ -194,16 +195,20 @@ def parsepatchoutput(output_line):
     if pf[0] == '`':
         pf = pf[1:-1] # Remove the quotes
     return pf
 
 def sshargs(sshcmd, host, user, port):
     '''Build argument list for ssh or Plink'''
     pflag = 'plink' in sshcmd.lower() and '-P' or '-p'
     args = user and ("%s@%s" % (user, host)) or host
+    if args.startswith('-') or args.startswith('/'):
+        raise error.Abort(
+            _('illegal ssh hostname or username starting with - or /: %s') %
+            args)
     return port and ("%s %s %s" % (args, pflag, port)) or args
 
 def setflags(f, l, x):
     pass
 
 def copymode(src, dst, mode=None):
     pass
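Review bot: Style: the two startswith calls in the new guard can be a single tuple form, `if args.startswith(('-', '/')):`, which keeps the condition compact and easier to extend in step with the error text. The docstring `'''Build argument list for ssh or Plink'''` should now mention the failure mode, e.g. `Raises error.Abort if the user@host argument starts with - or /.`. Banning '/' presumably covers the Windows-style option prefix accepted by some ssh clients, but the hunk does not say so; a one-line comment such as `# '/' is also an option prefix on Windows tools` would spare the next maintainer from guessing.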