Fork of git SCM with my patches. http://git.kilabit.info/git/atom?h=v2.9.5 2017-07-30T21:53:25Z 2017-07-30T21:53:25Z Junio C Hamano gitster@pobox.com 2017-07-30T21:53:25Z urn:sha1:4d4165b80d6b91a255e2847583bd4df98b5d54e1 Signed-off-by: Junio C Hamano <gitster@pobox.com> 2017-07-30T21:52:14Z Junio C Hamano gitster@pobox.com 2017-07-30T21:52:14Z urn:sha1:af0178aec7c38cb17bc641bc361656cc90bc6b79 Git 2.8.6 2017-07-30T21:49:08Z Junio C Hamano gitster@pobox.com 2017-07-30T21:49:08Z urn:sha1:8d7f72f176ea133c16e55f386a0b79a1cd46ff69 Signed-off-by: Junio C Hamano <gitster@pobox.com> 2017-07-30T21:46:43Z Junio C Hamano gitster@pobox.com 2017-07-30T21:46:43Z urn:sha1:7720c33f632c2d67b53169030a7ed2e0e6ae8fde Git 2.7.6 2017-07-30T21:45:13Z Junio C Hamano gitster@pobox.com 2017-07-30T21:45:13Z urn:sha1:5e0649dc65fe33e8cf38823350e9d7951f6a6346 Signed-off-by: Junio C Hamano <gitster@pobox.com> 2017-07-28T23:11:54Z Junio C Hamano gitster@pobox.com 2017-07-28T23:11:54Z urn:sha1:a4f234bf9bd3fb11fb1608a507783d9412af27a9 2017-07-28T22:54:55Z Jeff King peff@peff.net 2017-07-28T19:28:55Z urn:sha1:aeeb2d496859419ac1ba1da1162d6f3610f7f1f3 If we get a repo path like "-repo.git", we may try to invoke "git-upload-pack -repo.git". This is going to fail, since upload-pack will interpret it as a set of bogus options. But let's reject this before we even run the sub-program, since we would not want to allow any mischief with repo names that actually are real command-line options. You can still ask for such a path via git-daemon, but there's no security problem there, because git-daemon enters the repo itself and then passes "." on the command line. Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2017-07-28T22:52:18Z Jeff King peff@peff.net 2017-07-28T19:26:50Z urn:sha1:3be4cf09cd3d0747af3ecdb8dc3962a0969b731e If you have a GIT_PROXY_COMMAND configured, we will run it with the host/port on the command-line. If a URL contains a mischievous host like "--foo", we don't know how the proxy command may handle it. It's likely to break, but it may also do something dangerous and unwanted (technically it could even do something useful, but that seems unlikely). We should err on the side of caution and reject this before we even run the command. The hostname check matches the one we do in a similar circumstance for ssh. The port check is not present for ssh, but there it's not necessary because the syntax is "-p <port>", and there's no ambiguity on the parsing side. It's not clear whether you can actually get a negative port to the proxy here or not. Doing: git fetch git://remote:-1234/repo.git keeps the "-1234" as part of the hostname, with the default port of 9418. But it's a good idea to keep this check close to the point of running the command to make it clear that there's no way to circumvent it (and at worst it serves as a belt-and-suspenders check). Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2017-07-28T22:51:56Z Jeff King peff@peff.net 2017-07-28T19:25:45Z urn:sha1:2491f77b90c2e5d47acbe7472c17e7de0af74f63 We reject hostnames that start with a dash because they may be confused for command-line options. Let's factor out that notion into a helper function, as we'll use it in more places. And while it's simple now, it's not clear if some systems might need more complex logic to handle all cases. Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2017-07-28T22:51:29Z Jeff King peff@peff.net 2017-07-28T19:23:32Z urn:sha1:2d90add5ad216807ec1433e5367fae730e74a4cb Per the explanation in the previous patch, this should be (and is) rejected. Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>