diff options
author | Junio C Hamano <gitster@pobox.com> | 2015-10-05 12:30:14 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-10-05 12:30:14 -0700 |
commit | e6f11c19abab516b81a722ea56dccd20fb9c0987 (patch) | |
tree | aa43363976b4365530fcfcf8475880d4c6a1bfc5 | |
parent | 7b09c459d346d9bf30ab07921a9b0ee91405d104 (diff) | |
parent | a48b409f9ccd4e1957286ba064fd3a25a9ea2b56 (diff) | |
download | git-e6f11c19abab516b81a722ea56dccd20fb9c0987.tar.gz |
Merge branch 'jk/connect-clear-env'
The ssh transport, just like any other transport over the network,
did not clear GIT_* environment variables, but it is possible to
use SendEnv and AcceptEnv to leak them to the remote invocation of
Git, which is not a good idea at all. Explicitly clear them just
like we do for the local transport.
* jk/connect-clear-env:
git_connect: clarify conn->use_shell flag
git_connect: clear GIT_* environment for ssh
-rw-r--r-- | connect.c | 26 | ||||
-rwxr-xr-x | t/t5507-remote-environment.sh | 34 |
2 files changed, 49 insertions, 11 deletions
@@ -721,10 +721,13 @@ struct child_process *git_connect(int fd[2], const char *url, strbuf_addch(&cmd, ' '); sq_quote_buf(&cmd, path); + /* remove repo-local variables from the environment */ + conn->env = local_repo_env; + conn->use_shell = 1; conn->in = conn->out = -1; if (protocol == PROTO_SSH) { const char *ssh; - int putty, tortoiseplink = 0; + int putty = 0, tortoiseplink = 0; char *ssh_host = hostandport; const char *port = NULL; get_host_and_port(&ssh_host, &port); @@ -746,13 +749,17 @@ struct child_process *git_connect(int fd[2], const char *url, } ssh = getenv("GIT_SSH_COMMAND"); - if (ssh) { - conn->use_shell = 1; - putty = 0; - } else { + if (!ssh) { const char *base; char *ssh_dup; + /* + * GIT_SSH is the no-shell version of + * GIT_SSH_COMMAND (and must remain so for + * historical compatibility). + */ + conn->use_shell = 0; + ssh = getenv("GIT_SSH"); if (!ssh) ssh = "ssh"; @@ -762,8 +769,9 @@ struct child_process *git_connect(int fd[2], const char *url, tortoiseplink = !strcasecmp(base, "tortoiseplink") || !strcasecmp(base, "tortoiseplink.exe"); - putty = !strcasecmp(base, "plink") || - !strcasecmp(base, "plink.exe") || tortoiseplink; + putty = tortoiseplink || + !strcasecmp(base, "plink") || + !strcasecmp(base, "plink.exe"); free(ssh_dup); } @@ -777,10 +785,6 @@ struct child_process *git_connect(int fd[2], const char *url, argv_array_push(&conn->args, port); } argv_array_push(&conn->args, ssh_host); - } else { - /* remove repo-local variables from the environment */ - conn->env = local_repo_env; - conn->use_shell = 1; } argv_array_push(&conn->args, cmd.buf); diff --git a/t/t5507-remote-environment.sh b/t/t5507-remote-environment.sh new file mode 100755 index 0000000000..e6149295b1 --- /dev/null +++ b/t/t5507-remote-environment.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +test_description='check environment showed to remote side of transports' +. ./test-lib.sh + +test_expect_success 'set up "remote" push situation' ' + test_commit one && + git config push.default current && + git init remote +' + +test_expect_success 'set up fake ssh' ' + GIT_SSH_COMMAND="f() { + cd \"\$TRASH_DIRECTORY\" && + eval \"\$2\" + }; f" && + export GIT_SSH_COMMAND && + export TRASH_DIRECTORY +' + +# due to receive.denyCurrentBranch=true +test_expect_success 'confirm default push fails' ' + test_must_fail git push remote +' + +test_expect_success 'config does not travel over same-machine push' ' + test_must_fail git -c receive.denyCurrentBranch=false push remote +' + +test_expect_success 'config does not travel over ssh push' ' + test_must_fail git -c receive.denyCurrentBranch=false push host:remote +' + +test_done |