Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
mercurial
mercurial-CVE-2014-9462.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File mercurial-CVE-2014-9462.patch of Package mercurial
# HG changeset patch # User Matt Mackall <mpm@selenic.com> # Date 1419884822 21600 # Node ID e3f30068d2ebdeb549ea0cd9fec76df2e6ef40bb # Parent b65a01a4316baabe80aa3af585feaabcf0a7b537 sshpeer: more thorough shell quoting This fixes an issue spotted by Jesse Hertz. --- mercurial/sshpeer.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/mercurial/sshpeer.py +++ b/mercurial/sshpeer.py @@ -20,6 +20,8 @@ class remotelock(object): self.release() def _serverquote(s): + if not s: + return s '''quote a string for the remote shell ... which we assume is sh''' if re.match('[a-zA-Z0-9@%_+=:,./-]*$', s): return s @@ -45,7 +47,10 @@ class sshpeer(wireproto.wirepeer): sshcmd = self.ui.config("ui", "ssh", "ssh") remotecmd = self.ui.config("ui", "remotecmd", "hg") - args = util.sshargs(sshcmd, self.host, self.user, self.port) + args = util.sshargs(sshcmd, + _serverquote(self.host), + _serverquote(self.user), + _serverquote(self.port)) if create: cmd = '%s %s %s' % (sshcmd, args,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor