diff options
author | Junio C Hamano <gitster@pobox.com> | 2015-10-16 14:32:35 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-10-16 14:32:35 -0700 |
commit | a3bbfe5d006f0f4deb59f92b3079ccf67764ea34 (patch) | |
tree | 041ac1a55425f43de25f13eb3cbb373217934c26 /connect.c | |
parent | 14d5a3e47e38b29bf8aa7d6081d43ce0f24c3444 (diff) | |
parent | a48b409f9ccd4e1957286ba064fd3a25a9ea2b56 (diff) | |
download | git-a3bbfe5d006f0f4deb59f92b3079ccf67764ea34.tar.gz |
Merge branch 'jk/connect-clear-env' into maint
The ssh transport, just like any other transport over the network,
did not clear GIT_* environment variables, but it is possible to
use SendEnv and AcceptEnv to leak them to the remote invocation of
Git, which is not a good idea at all. Explicitly clear them just
like we do for the local transport.
* jk/connect-clear-env:
git_connect: clarify conn->use_shell flag
git_connect: clear GIT_* environment for ssh
Diffstat (limited to 'connect.c')
-rw-r--r-- | connect.c | 25 |
1 files changed, 15 insertions, 10 deletions
@@ -724,10 +724,13 @@ struct child_process *git_connect(int fd[2], const char *url, strbuf_addch(&cmd, ' '); sq_quote_buf(&cmd, path); + /* remove repo-local variables from the environment */ + conn->env = local_repo_env; + conn->use_shell = 1; conn->in = conn->out = -1; if (protocol == PROTO_SSH) { const char *ssh; - int putty, tortoiseplink = 0; + int putty = 0, tortoiseplink = 0; char *ssh_host = hostandport; const char *port = NULL; transport_check_allowed("ssh"); @@ -750,13 +753,17 @@ struct child_process *git_connect(int fd[2], const char *url, } ssh = getenv("GIT_SSH_COMMAND"); - if (ssh) { - conn->use_shell = 1; - putty = 0; - } else { + if (!ssh) { const char *base; char *ssh_dup; + /* + * GIT_SSH is the no-shell version of + * GIT_SSH_COMMAND (and must remain so for + * historical compatibility). + */ + conn->use_shell = 0; + ssh = getenv("GIT_SSH"); if (!ssh) ssh = "ssh"; @@ -766,8 +773,9 @@ struct child_process *git_connect(int fd[2], const char *url, tortoiseplink = !strcasecmp(base, "tortoiseplink") || !strcasecmp(base, "tortoiseplink.exe"); - putty = !strcasecmp(base, "plink") || - !strcasecmp(base, "plink.exe") || tortoiseplink; + putty = tortoiseplink || + !strcasecmp(base, "plink") || + !strcasecmp(base, "plink.exe"); free(ssh_dup); } @@ -782,9 +790,6 @@ struct child_process *git_connect(int fd[2], const char *url, } argv_array_push(&conn->args, ssh_host); } else { - /* remove repo-local variables from the environment */ - conn->env = local_repo_env; - conn->use_shell = 1; transport_check_allowed("file"); } argv_array_push(&conn->args, cmd.buf); |