mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'jk/connect-clear-env' into maint

Browse Source 
The ssh transport, just like any other transport over the network,
did not clear GIT_* environment variables, but it is possible to
use SendEnv and AcceptEnv to leak them to the remote invocation of
Git, which is not a good idea at all.  Explicitly clear them just
like we do for the local transport.

* jk/connect-clear-env:
  git_connect: clarify conn->use_shell flag
  git_connect: clear GIT_* environment for ssh
This commit is contained in:
Junio C Hamano
2015-10-16 14:32:35 -07:00
parent 14d5a3e47e a48b409f9c
commit a3bbfe5d00
2 changed files with 49 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
connect.c
View File

@ -724,10 +724,13 @@ struct child_process *git_connect(int fd[2], const char *url,
strbuf_addch(&cmd, ' ');
sq_quote_buf(&cmd, path);
/* remove repo-local variables from the environment */
conn->env = local_repo_env;
conn->use_shell = 1;
conn->in = conn->out = -1;
if (protocol == PROTO_SSH) {
const char *ssh;
int putty, tortoiseplink = 0;
int putty = 0, tortoiseplink = 0;
char *ssh_host = hostandport;
const char *port = NULL;
transport_check_allowed("ssh");
@ -750,13 +753,17 @@ struct child_process *git_connect(int fd[2], const char *url,
}
ssh = getenv("GIT_SSH_COMMAND");
if (ssh) {
conn->use_shell = 1;
putty = 0;
} else {
if (!ssh) {
const char *base;
char *ssh_dup;
/*
* GIT_SSH is the no-shell version of
* GIT_SSH_COMMAND (and must remain so for
* historical compatibility).
*/
conn->use_shell = 0;
ssh = getenv("GIT_SSH");
if (!ssh)
ssh = "ssh";
@ -766,8 +773,9 @@ struct child_process *git_connect(int fd[2], const char *url,
tortoiseplink = !strcasecmp(base, "tortoiseplink") ||
!strcasecmp(base, "tortoiseplink.exe");
putty = !strcasecmp(base, "plink") ||
!strcasecmp(base, "plink.exe") || tortoiseplink;
putty = tortoiseplink ||
!strcasecmp(base, "plink") ||
!strcasecmp(base, "plink.exe");
free(ssh_dup);
}
@ -782,9 +790,6 @@ struct child_process *git_connect(int fd[2], const char *url,
}
argv_array_push(&conn->args, ssh_host);
} else {
/* remove repo-local variables from the environment */
conn->env = local_repo_env;
conn->use_shell = 1;
transport_check_allowed("file");
}
argv_array_push(&conn->args, cmd.buf);