Google Git
Sign in
code / git / 3be4cf09cd3d0747af3ecdb8dc3962a0969b731e
commit3be4cf09cd3d0747af3ecdb8dc3962a0969b731e[log] [tgz]
authorJeff King <peff@peff.net>Fri Jul 28 15:26:50 2017 -0400
committerJunio C Hamano <gitster@pobox.com>Fri Jul 28 15:52:18 2017 -0700
tree1bc7773276b260a31f29bb335c6ce97f5632f6f4
parent2491f77b90c2e5d47acbe7472c17e7de0af74f63 [diff]
connect: reject dashed arguments for proxy commands

If you have a GIT_PROXY_COMMAND configured, we will run it
with the host/port on the command-line. If a URL contains a
mischievous host like "--foo", we don't know how the proxy
command may handle it. It's likely to break, but it may also
do something dangerous and unwanted (technically it could
even do something useful, but that seems unlikely).

We should err on the side of caution and reject this before
we even run the command.

The hostname check matches the one we do in a similar
circumstance for ssh. The port check is not present for ssh,
but there it's not necessary because the syntax is "-p
<port>", and there's no ambiguity on the parsing side.

It's not clear whether you can actually get a negative port
to the proxy here or not. Doing:

  git fetch git://remote:-1234/repo.git

keeps the "-1234" as part of the hostname, with the default
port of 9418. But it's a good idea to keep this check close
to the point of running the command to make it clear that
there's no way to circumvent it (and at worst it serves as a
belt-and-suspenders check).

Signed-off-by: Jeff King <peff@peff.net>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2 files changed
tree: 1bc7773276b260a31f29bb335c6ce97f5632f6f4
  1. block-sha1/
  2. builtin/
  3. compat/
  4. contrib/
  5. Documentation/
  6. ewah/
  7. git-gui/
  8. gitk-git/
  9. gitweb/
  10. mergetools/
  11. perl/
  12. po/
  13. ppc/
  14. refs/
  15. t/
  16. templates/
  17. vcs-svn/
  18. xdiff/
  19. RelNotesDocumentation/RelNotes/2.7.5.txt
  20. .gitattributes
  21. .gitignore
  22. .mailmap
  23. .travis.yml
  24. abspath.c
  25. aclocal.m4
  26. advice.c
  27. advice.h
  28. alias.c
  29. alloc.c
  30. archive-tar.c
  31. archive-zip.c
  32. archive.c
  33. archive.h
  34. argv-array.c
  35. argv-array.h
  36. attr.c
  37. attr.h
  38. base85.c
  39. bisect.c
  40. bisect.h
  41. blob.c
  42. blob.h
  43. branch.c
  44. branch.h
  45. builtin.h
  46. bulk-checkin.c
  47. bulk-checkin.h
  48. bundle.c
  49. bundle.h
  50. cache-tree.c
  51. cache-tree.h
  52. cache.h
  53. check-builtins.sh
  54. check-racy.c
  55. check_bindir
  56. color.c
  57. color.h
  58. column.c
  59. column.h
  60. combine-diff.c
  61. command-list.txt
  62. commit-slab.h
  63. commit.c
  64. commit.h
  65. config.c
  66. config.mak.in
  67. config.mak.uname
  68. configure.ac
  69. connect.c
  70. connect.h
  71. connected.c
  72. connected.h
  73. convert.c
  74. convert.h
  75. copy.c
  76. COPYING
  77. credential-cache--daemon.c
  78. credential-cache.c
  79. credential-store.c
  80. credential.c
  81. credential.h
  82. csum-file.c
  83. csum-file.h
  84. ctype.c
  85. daemon.c
  86. date.c
  87. decorate.c
  88. decorate.h
  89. delta.h
  90. diff-delta.c
  91. diff-lib.c
  92. diff-no-index.c
  93. diff.c
  94. diff.h
  95. diffcore-break.c
  96. diffcore-delta.c
  97. diffcore-order.c
  98. diffcore-pickaxe.c
  99. diffcore-rename.c
  100. diffcore.h
  101. dir.c
  102. dir.h
  103. editor.c
  104. entry.c
  105. environment.c
  106. exec_cmd.c
  107. exec_cmd.h
  108. fast-import.c
  109. fetch-pack.c
  110. fetch-pack.h
  111. fmt-merge-msg.h
  112. fsck.c
  113. fsck.h
  114. generate-cmdlist.sh
  115. gettext.c
  116. gettext.h
  117. git-add--interactive.perl
  118. git-archimport.perl
  119. git-bisect.sh
  120. git-compat-util.h
  121. git-cvsexportcommit.perl
  122. git-cvsimport.perl
  123. git-cvsserver.perl
  124. git-difftool--helper.sh
  125. git-difftool.perl
  126. git-filter-branch.sh
  127. git-instaweb.sh
  128. git-merge-octopus.sh
  129. git-merge-one-file.sh
  130. git-merge-resolve.sh
  131. git-mergetool--lib.sh
  132. git-mergetool.sh
  133. git-p4.py
  134. git-parse-remote.sh
  135. git-quiltimport.sh
  136. git-rebase--am.sh
  137. git-rebase--interactive.sh
  138. git-rebase--merge.sh
  139. git-rebase.sh
  140. git-relink.perl
  141. git-remote-testgit.sh
  142. git-request-pull.sh
  143. git-send-email.perl
  144. git-sh-i18n.sh
  145. git-sh-setup.sh
  146. git-stash.sh
  147. git-submodule.sh
  148. git-svn.perl
  149. GIT-VERSION-GEN
  150. git-web--browse.sh
  151. git.c
  152. git.rc
  153. git.spec.in
  154. gpg-interface.c
  155. gpg-interface.h
  156. graph.c
  157. graph.h
  158. grep.c
  159. grep.h
  160. hashmap.c
  161. hashmap.h
  162. help.c
  163. help.h
  164. hex.c
  165. http-backend.c
  166. http-fetch.c
  167. http-push.c
  168. http-walker.c
  169. http.c
  170. http.h
  171. ident.c
  172. imap-send.c
  173. INSTALL
  174. khash.h
  175. kwset.c
  176. kwset.h
  177. levenshtein.c
  178. levenshtein.h
  179. LGPL-2.1
  180. line-log.c
  181. line-log.h
  182. line-range.c
  183. line-range.h
  184. list-objects.c
  185. list-objects.h
  186. ll-merge.c
  187. ll-merge.h
  188. lockfile.c
  189. lockfile.h
  190. log-tree.c
  191. log-tree.h
  192. mailinfo.c
  193. mailinfo.h
  194. mailmap.c
  195. mailmap.h
  196. Makefile
  197. match-trees.c
  198. merge-blobs.c
  199. merge-blobs.h
  200. merge-recursive.c
  201. merge-recursive.h
  202. merge.c
  203. mergesort.c
  204. mergesort.h
  205. name-hash.c
  206. notes-cache.c
  207. notes-cache.h
  208. notes-merge.c
  209. notes-merge.h
  210. notes-utils.c
  211. notes-utils.h
  212. notes.c
  213. notes.h
  214. object.c
  215. object.h
  216. pack-bitmap-write.c
  217. pack-bitmap.c
  218. pack-bitmap.h
  219. pack-check.c
  220. pack-objects.c
  221. pack-objects.h
  222. pack-revindex.c
  223. pack-revindex.h
  224. pack-write.c
  225. pack.h
  226. pager.c
  227. parse-options-cb.c
  228. parse-options.c
  229. parse-options.h
  230. patch-delta.c
  231. patch-ids.c
  232. patch-ids.h
  233. path.c
  234. pathspec.c
  235. pathspec.h
  236. pkt-line.c
  237. pkt-line.h
  238. preload-index.c
  239. pretty.c
  240. prio-queue.c
  241. prio-queue.h
  242. progress.c
  243. progress.h
  244. prompt.c
  245. prompt.h
  246. quote.c
  247. quote.h
  248. reachable.c
  249. reachable.h
  250. read-cache.c
  251. README
  252. ref-filter.c
  253. ref-filter.h
  254. reflog-walk.c
  255. reflog-walk.h
  256. refs.c
  257. refs.h
  258. remote-curl.c
  259. remote-testsvn.c
  260. remote.c
  261. remote.h
  262. replace_object.c
  263. rerere.c
  264. rerere.h
  265. resolve-undo.c
  266. resolve-undo.h
  267. revision.c
  268. revision.h
  269. run-command.c
  270. run-command.h
  271. send-pack.c
  272. send-pack.h
  273. sequencer.c
  274. sequencer.h
  275. server-info.c
  276. setup.c
  277. sh-i18n--envsubst.c
  278. sha1-array.c
  279. sha1-array.h
  280. sha1-lookup.c
  281. sha1-lookup.h
  282. sha1_file.c
  283. sha1_name.c
  284. shallow.c
  285. shell.c
  286. shortlog.h
  287. show-index.c
  288. sideband.c
  289. sideband.h
  290. sigchain.c
  291. sigchain.h
  292. split-index.c
  293. split-index.h
  294. strbuf.c
  295. strbuf.h
  296. streaming.c
  297. streaming.h
  298. string-list.c
  299. string-list.h
  300. submodule-config.c
  301. submodule-config.h
  302. submodule.c
  303. submodule.h
  304. symlinks.c
  305. tag.c
  306. tag.h
  307. tar.h
  308. tempfile.c
  309. tempfile.h
  310. test-chmtime.c
  311. test-config.c
  312. test-ctype.c
  313. test-date.c
  314. test-delta.c
  315. test-dump-cache-tree.c
  316. test-dump-split-index.c
  317. test-dump-untracked-cache.c
  318. test-genrandom.c
  319. test-hashmap.c
  320. test-index-version.c
  321. test-line-buffer.c
  322. test-match-trees.c
  323. test-mergesort.c
  324. test-mktemp.c
  325. test-parse-options.c
  326. test-path-utils.c
  327. test-prio-queue.c
  328. test-read-cache.c
  329. test-regex.c
  330. test-revision-walking.c
  331. test-run-command.c
  332. test-scrap-cache-tree.c
  333. test-sha1-array.c
  334. test-sha1.c
  335. test-sha1.sh
  336. test-sigchain.c
  337. test-string-list.c
  338. test-submodule-config.c
  339. test-subprocess.c
  340. test-svn-fe.c
  341. test-urlmatch-normalization.c
  342. test-wildmatch.c
  343. thread-utils.c
  344. thread-utils.h
  345. trace.c
  346. trace.h
  347. trailer.c
  348. trailer.h
  349. transport-helper.c
  350. transport.c
  351. transport.h
  352. tree-diff.c
  353. tree-walk.c
  354. tree-walk.h
  355. tree.c
  356. tree.h
  357. unicode_width.h
  358. unimplemented.sh
  359. unix-socket.c
  360. unix-socket.h
  361. unpack-trees.c
  362. unpack-trees.h
  363. update_unicode.sh
  364. upload-pack.c
  365. url.c
  366. url.h
  367. urlmatch.c
  368. urlmatch.h
  369. usage.c
  370. userdiff.c
  371. userdiff.h
  372. utf8.c
  373. utf8.h
  374. varint.c
  375. varint.h
  376. version.c
  377. version.h
  378. versioncmp.c
  379. walker.c
  380. walker.h
  381. wildmatch.c
  382. wildmatch.h
  383. worktree.c
  384. worktree.h
  385. wrap-for-bin.sh
  386. wrapper.c
  387. write_or_die.c
  388. ws.c
  389. wt-status.c
  390. wt-status.h
  391. xdiff-interface.c
  392. xdiff-interface.h
  393. zlib.c