Merge tag 'v2.12.4' into maint

author: Junio C Hamano <gitster@pobox.com> 2017-08-01 12:27:31 -0700
committer: Junio C Hamano <gitster@pobox.com> 2017-08-01 12:27:31 -0700
commit: e312af164c12052b7a0dbf8f7b86549a3c5b578f (patch)
tree: 2305e144bb615718f3e163ecfc52bc639a4c0e41 /connect.c
parent: Git 2.13.4 (diff)
parent: Git 2.12.4 (diff)
download: tgif-e312af164c12052b7a0dbf8f7b86549a3c5b578f.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/connect.c b/connect.c
index c72b1d1151..e43df44b0c 100644
--- a/connect.c
+++ b/connect.c
@@ -577,6 +577,11 @@ static struct child_process *git_proxy_connect(int fd[2], char *host)
 
 	get_host_and_port(&host, &port);
 
+	if (looks_like_command_line_option(host))
+		die("strange hostname '%s' blocked", host);
+	if (looks_like_command_line_option(port))
+		die("strange port '%s' blocked", port);
+
 	proxy = xmalloc(sizeof(*proxy));
 	child_process_init(proxy);
 	argv_array_push(&proxy->args, git_proxy_command);
@@ -823,6 +828,9 @@ struct child_process *git_connect(int fd[2], const char *url,
 		conn = xmalloc(sizeof(*conn));
 		child_process_init(conn);
 
+		if (looks_like_command_line_option(path))
+			die("strange pathname '%s' blocked", path);
+
 		strbuf_addstr(&cmd, prog);
 		strbuf_addch(&cmd, ' ');
 		sq_quote_buf(&cmd, path);
@@ -856,6 +864,9 @@ struct child_process *git_connect(int fd[2], const char *url,
 				return NULL;
 			}
 
+			if (looks_like_command_line_option(ssh_host))
+				die("strange hostname '%s' blocked", ssh_host);
+
 			ssh = get_ssh_command();
 			if (ssh)
 				handle_ssh_variant(ssh, 1, &port_option,
author	Junio C Hamano <gitster@pobox.com>	2017-08-01 12:27:31 -0700
committer	Junio C Hamano <gitster@pobox.com>	2017-08-01 12:27:31 -0700
commit	e312af164c12052b7a0dbf8f7b86549a3c5b578f (patch)
tree	2305e144bb615718f3e163ecfc52bc639a4c0e41 /connect.c
parent	Git 2.13.4 (diff)
parent	Git 2.12.4 (diff)
download	tgif-e312af164c12052b7a0dbf8f7b86549a3c5b578f.tar.xz