Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mercurial
hg-CVE-2016-3069-05-convert_test_for_shell_inje...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File hg-CVE-2016-3069-05-convert_test_for_shell_injection.patch of Package mercurial
# HG changeset patch # User Mateusz Kwapich <mitrandir@fb.com> # Date 1458692847 25200 # Tue Mar 22 17:27:27 2016 -0700 # Branch stable # Node ID ae279d4a19e9683214cbd1fe8298cf0b50571432 # Parent 80cac1de6aea89f9d068abb09b0ea58c70bd7130 convert: test for shell injection in git calls (SEC) CVE-2016-3069 (5/5) Before recent refactoring we were not escaping calls to git at all which made such injections possible. Let's have a test for that to avoid this problem in the future. Reported by Blake Burkhart. --- tests/test-convert-git.t | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) --- a/tests/test-convert-git.t +++ b/tests/test-convert-git.t @@ -436,3 +436,20 @@ damage git repository by renaming a tree $ mv git-repo4/.git/objects/$TREE_OBJ git-repo4/.git/objects/$TREE_OBJ.tmp $ hg convert git-repo4 git-repo4-broken-hg 2>&1 | grep 'abort:' abort: cannot read changes in 1c0ce3c5886f83a1d78a7b517cdff5cf9ca17bdd + +test for escaping the repo name (CVE-2016-3069) + + $ git init '`echo pwned >COMMAND-INJECTION`' + Initialized empty Git repository in $TESTTMP/`echo pwned >COMMAND-INJECTION`/.git/ + $ cd '`echo pwned >COMMAND-INJECTION`' + $ git commit -q --allow-empty -m 'empty' + $ cd .. + $ hg convert '`echo pwned >COMMAND-INJECTION`' 'converted' + initializing destination converted repository + scanning source... + sorting... + converting... + 0 empty + updating bookmarks + $ test -f COMMAND-INJECTION + [1]
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor