From: Junio C Hamano <gitster@pobox.com>
Date: Fri, 16 Oct 2015 21:32:35 +0000 (-0700)
Subject: Merge branch 'jk/connect-clear-env' into maint
X-Git-Tag: v2.6.2~19
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/a3bbfe5d006f0f4deb59f92b3079ccf67764ea34?ds=inline;hp=-c

Merge branch 'jk/connect-clear-env' into maint

The ssh transport, just like any other transport over the network,
did not clear GIT_* environment variables, but it is possible to
use SendEnv and AcceptEnv to leak them to the remote invocation of
Git, which is not a good idea at all.  Explicitly clear them just
like we do for the local transport.

* jk/connect-clear-env:
git_connect: clarify conn->use_shell flag
git_connect: clear GIT_* environment for ssh
---

a3bbfe5d006f0f4deb59f92b3079ccf67764ea34
diff --combined connect.c
index 27a706f766,acd39d70c8..ced4961398
--- a/connect.c
+++ b/connect.c
@@@ -9,7 -9,6 +9,7 @@@
  #include "url.h"
  #include "string-list.h"
  #include "sha1-array.h"
 +#include "transport.h"
  
  static char *server_capabilities;
  static const char *parse_feature_value(const char *, const char *, int *);
@@@ -695,8 -694,6 +695,8 @@@ struct child_process *git_connect(int f
  		else
  			target_host = xstrdup(hostandport);
  
 +		transport_check_allowed("git");
 +
  		/* These underlying connection commands die() if they
  		 * cannot connect.
  		 */
@@@ -724,13 -721,15 +724,16 @@@
  		strbuf_addch(&cmd, ' ');
  		sq_quote_buf(&cmd, path);
  
+ 		/* remove repo-local variables from the environment */
+ 		conn->env = local_repo_env;
+ 		conn->use_shell = 1;
  		conn->in = conn->out = -1;
  		if (protocol == PROTO_SSH) {
  			const char *ssh;
- 			int putty, tortoiseplink = 0;
+ 			int putty = 0, tortoiseplink = 0;
  			char *ssh_host = hostandport;
  			const char *port = NULL;
 +			transport_check_allowed("ssh");
  			get_host_and_port(&ssh_host, &port);
  
  			if (!port)
@@@ -750,13 -749,17 +753,17 @@@
  			}
  
  			ssh = getenv("GIT_SSH_COMMAND");
- 			if (ssh) {
- 				conn->use_shell = 1;
- 				putty = 0;
- 			} else {
+ 			if (!ssh) {
  				const char *base;
  				char *ssh_dup;
  
+ 				/*
+ 				 * GIT_SSH is the no-shell version of
+ 				 * GIT_SSH_COMMAND (and must remain so for
+ 				 * historical compatibility).
+ 				 */
+ 				conn->use_shell = 0;
+ 
  				ssh = getenv("GIT_SSH");
  				if (!ssh)
  					ssh = "ssh";
@@@ -766,8 -769,9 +773,9 @@@
  
  				tortoiseplink = !strcasecmp(base, "tortoiseplink") ||
  					!strcasecmp(base, "tortoiseplink.exe");
- 				putty = !strcasecmp(base, "plink") ||
- 					!strcasecmp(base, "plink.exe") || tortoiseplink;
+ 				putty = tortoiseplink ||
+ 					!strcasecmp(base, "plink") ||
+ 					!strcasecmp(base, "plink.exe");
  
  				free(ssh_dup);
  			}
@@@ -781,11 -785,6 +789,8 @@@
  				argv_array_push(&conn->args, port);
  			}
  			argv_array_push(&conn->args, ssh_host);
 +		} else {
- 			/* remove repo-local variables from the environment */
- 			conn->env = local_repo_env;
- 			conn->use_shell = 1;
 +			transport_check_allowed("file");
  		}
  		argv_array_push(&conn->args, cmd.buf);