diff options
| author | Junio C Hamano <gitster@pobox.com> | 2017-08-04 12:40:37 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2017-08-04 12:40:37 -0700 |
| commit | 230ce07d134f597a8107d3ed5d76d212ff90db70 (patch) | |
| tree | 9f9de19330fc4c7edcee3b286ef68d1a7561284c /connect.c | |
| parent | 4384e3cde2ce8ecd194202e171ae16333d241326 (diff) | |
| parent | 7234152e66e52c7601789f6de822bb39590f0595 (diff) | |
| download | git-230ce07d134f597a8107d3ed5d76d212ff90db70.tar.gz | |
Merge tag 'v2.13.5' into maint
Diffstat (limited to 'connect.c')
| -rw-r--r-- | connect.c | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -578,6 +578,11 @@ static struct child_process *git_proxy_connect(int fd[2], char *host) get_host_and_port(&host, &port); + if (looks_like_command_line_option(host)) + die("strange hostname '%s' blocked", host); + if (looks_like_command_line_option(port)) + die("strange port '%s' blocked", port); + proxy = xmalloc(sizeof(*proxy)); child_process_init(proxy); argv_array_push(&proxy->args, git_proxy_command); @@ -824,6 +829,9 @@ struct child_process *git_connect(int fd[2], const char *url, conn = xmalloc(sizeof(*conn)); child_process_init(conn); + if (looks_like_command_line_option(path)) + die("strange pathname '%s' blocked", path); + strbuf_addstr(&cmd, prog); strbuf_addch(&cmd, ' '); sq_quote_buf(&cmd, path); @@ -857,6 +865,9 @@ struct child_process *git_connect(int fd[2], const char *url, return NULL; } + if (looks_like_command_line_option(ssh_host)) + die("strange hostname '%s' blocked", ssh_host); + ssh = get_ssh_command(); if (ssh) handle_ssh_variant(ssh, 1, &port_option, |