71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
|
if( pnSent ) *pnSent = transport.nSent;
if( pnRcvd ) *pnRcvd = transport.nRcvd;
if( resetFlag ){
transport.nSent = 0;
transport.nRcvd = 0;
}
}
/*
** Check zFossil to see if it is a reasonable "fossil" command to
** run on the server. Do not allow an attacker to substitute something
** like "/bin/rm".
*/
static int is_safe_fossil_command(const char *zFossil){
static const char *azSafe[] = { "*/fossil", "*/echo" };
int i;
for(i=0; i<sizeof(azSafe)/sizeof(azSafe[0]); i++){
if( sqlite3_strglob(azSafe[i], zFossil)==0 ) return 1;
if( strcmp(azSafe[i]+2, zFossil)==0 ) return 1;
}
return 0;
}
/*
** Default SSH command
*/
#ifdef _WIN32
static const char zDefaultSshCmd[] = "plink -ssh -T";
#else
|
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
+
+
+
+
|
}
if( pUrlData->user && pUrlData->user[0] ){
zHost = mprintf("%s@%s", pUrlData->user, pUrlData->name);
blob_append_escaped_arg(&zCmd, zHost);
fossil_free(zHost);
}else{
blob_append_escaped_arg(&zCmd, pUrlData->name);
}
if( !is_safe_fossil_command(pUrlData->fossil) ){
fossil_fatal("the ssh:// URL is asking to run an unsafe command [%s] on "
"the server.", pUrlData->fossil);
}
blob_append_escaped_arg(&zCmd, pUrlData->fossil);
blob_append(&zCmd, " test-http", 10);
if( pUrlData->path && pUrlData->path[0] ){
blob_append_escaped_arg(&zCmd, pUrlData->path);
}else{
fossil_fatal("ssh:// URI does not specify a path to the repository");
|