home:Alexander_Naumov:SLE-12:Update
mercurial.7061
CVE-2017-1000116-0003.patch
File CVE-2017-1000116-0003.patch of Package mercurial.7061
# HG changeset patch
# User Augie Fackler <augie@google.com>
# Date 1501869603 14400
# Fri Aug 04 14:00:03 2017 -0400
# Branch stable
# Node ID e10745311406a9c6d2938583028ee2aaf74dd2bd
# Parent 53224b1ffbc2438941e8e50375f532f2603c8f0f
ssh: ban any username@host or host that starts with - (SEC)
This paranoia probably isn't required, but it can't hurt either.
---
 mercurial/posix.py | 4 ++++
 mercurial/windows.py | 5 +++++
 2 files changed, 9 insertions(+)
--- a/mercurial/posix.py
+++ b/mercurial/posix.py
@@ -8,6 +8,7 @@
 from i18n import _
 import encoding
 import os, sys, errno, stat, getpass, pwd, grp, socket, tempfile, unicodedata
+import error
 posixfile = open
 normpath = os.path.normpath
@@ -64,6 +65,9 @@ def parsepatchoutput(output_line):
 def sshargs(sshcmd, host, user, port):
 '''Build argument list for ssh'''
 args = user and ("%s@%s" % (user, host)) or host
+ if '-' in args[:2]:
+ raise error.Abort(
+ _('illegal ssh hostname or username starting with -: %s') % args)
 return port and ("%s -p %s" % (args, port)) or args
 def isexec(f):
--- a/mercurial/windows.py
+++ b/mercurial/windows.py
@@ -8,6 +8,7 @@
 from i18n import _
 import osutil, encoding
 import errno, msvcrt, os, re, stat, sys, _winreg
+import error
 import win32
 executablepath = win32.executablepath
@@ -100,6 +101,10 @@ def sshargs(sshcmd, host, user, port):
 '''Build argument list for ssh or Plink'''
 pflag = 'plink' in sshcmd.lower() and '-P' or '-p'
 args = user and ("%s@%s" % (user, host)) or host
+ if args.startswith('-') or args.startswith('/'):
+ raise error.Abort(
+ _('illegal ssh hostname or username starting with - or /: %s') %
+ args)
 return port and ("%s %s %s" % (args, pflag, port)) or args
 def setflags(f, l, x):
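Review bot: The new guard in posix.py's sshargs, `if '-' in args[:2]:`, inspects the first two characters, so it also aborts on names that merely have `-` as their second character (a constructed example: host `a-build`), although the error message and the commit title say "starts with -". Matching only the first character, `if args.startswith('-'):`, would agree with the message and with the check this same patch adds to windows.py. The one-line docstring could also state that the function now raises error.Abort for such input.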
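Review bot: The `/` half of the check added to windows.py's sshargs is explained nowhere in the hunk or the commit message, which only mentions `-`. A comment above the `if` would help the next reader, for example `# reject a leading '-' or '/' so the value cannot be read as an ssh/Plink option` (presumably the intent; confirm against the client's option syntax). The returned string also interpolates `port` without any check, and whether the caller validates or quotes it is not visible here. The function's `def` line appears only in the hunk header, so the start of sshargs lies outside the hunk.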