Andrew's git / gitweb.git / diff
?
Merge branch 'jk/connect-clear-env' into maint
authorJunio C Hamano <gitster@pobox.com>
Fri, 16 Oct 2015 21:32:35 +0000 (14:32 -0700)
committerJunio C Hamano <gitster@pobox.com>
Fri, 16 Oct 2015 21:32:35 +0000 (14:32 -0700)
The ssh transport, just like any other transport over the network,
did not clear GIT_* environment variables, but it is possible to
use SendEnv and AcceptEnv to leak them to the remote invocation of
Git, which is not a good idea at all. Explicitly clear them just
like we do for the local transport.

* jk/connect-clear-env:
git_connect: clarify conn->use_shell flag
git_connect: clear GIT_* environment for ssh

connect.c patch | blob | history
t/t5507-remote-environment.sh [new file with mode: 0755] patch | blob
diff --git a/connect.c b/connect.c
index 27a706f76621621a25b7e58188e5d1da9b9a2ccd..ced4961398d397e0e21661ce7105be293c3585c2 100644 (file)
--- a/connect.c
+++ b/connect.c
@@ -724,10 +724,13 @@ struct child_process *git_connect(int fd[2], const char *url,
                strbuf_addch(&cmd, ' ');
                sq_quote_buf(&cmd, path);
 
+               /* remove repo-local variables from the environment */
+               conn->env = local_repo_env;
+               conn->use_shell = 1;
                conn->in = conn->out = -1;
                if (protocol == PROTO_SSH) {
                        const char *ssh;
-                       int putty, tortoiseplink = 0;
+                       int putty = 0, tortoiseplink = 0;
                        char *ssh_host = hostandport;
                        const char *port = NULL;
                        transport_check_allowed("ssh");
@@ -750,13 +753,17 @@ struct child_process *git_connect(int fd[2], const char *url,
                        }
 
                        ssh = getenv("GIT_SSH_COMMAND");
-                       if (ssh) {
-                               conn->use_shell = 1;
-                               putty = 0;
-                       } else {
+                       if (!ssh) {
                                const char *base;
                                char *ssh_dup;
 
+                               /*
+                                * GIT_SSH is the no-shell version of
+                                * GIT_SSH_COMMAND (and must remain so for
+                                * historical compatibility).
+                                */
+                               conn->use_shell = 0;
+
                                ssh = getenv("GIT_SSH");
                                if (!ssh)
                                        ssh = "ssh";
@@ -766,8 +773,9 @@ struct child_process *git_connect(int fd[2], const char *url,
 
                                tortoiseplink = !strcasecmp(base, "tortoiseplink") ||
                                        !strcasecmp(base, "tortoiseplink.exe");
-                               putty = !strcasecmp(base, "plink") ||
-                                       !strcasecmp(base, "plink.exe") || tortoiseplink;
+                               putty = tortoiseplink ||
+                                       !strcasecmp(base, "plink") ||
+                                       !strcasecmp(base, "plink.exe");
 
                                free(ssh_dup);
                        }
@@ -782,9 +790,6 @@ struct child_process *git_connect(int fd[2], const char *url,
                        }
                        argv_array_push(&conn->args, ssh_host);
                } else {
-                       /* remove repo-local variables from the environment */
-                       conn->env = local_repo_env;
-                       conn->use_shell = 1;
                        transport_check_allowed("file");
                }
                argv_array_push(&conn->args, cmd.buf);
diff --git a/t/t5507-remote-environment.sh b/t/t5507-remote-environment.sh
new file mode 100755 (executable)
index 0000000..e614929
--- /dev/null
+++ b/t/t5507-remote-environment.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+test_description='check environment showed to remote side of transports'
+. ./test-lib.sh
+
+test_expect_success 'set up "remote" push situation' '
+       test_commit one &&
+       git config push.default current &&
+       git init remote
+'
+
+test_expect_success 'set up fake ssh' '
+       GIT_SSH_COMMAND="f() {
+               cd \"\$TRASH_DIRECTORY\" &&
+               eval \"\$2\"
+       }; f" &&
+       export GIT_SSH_COMMAND &&
+       export TRASH_DIRECTORY
+'
+
+# due to receive.denyCurrentBranch=true
+test_expect_success 'confirm default push fails' '
+       test_must_fail git push remote
+'
+
+test_expect_success 'config does not travel over same-machine push' '
+       test_must_fail git -c receive.denyCurrentBranch=false push remote
+'
+
+test_expect_success 'config does not travel over ssh push' '
+       test_must_fail git -c receive.denyCurrentBranch=false push host:remote
+'
+
+test_done