Ything-RepoMirrors/libgit2
2
0
Fork 0
mirror of https://github.com/libgit2/libgit2.git synced 2026-01-25 02:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

ssh_exec: escape remote paths properly

Browse Source 
When sending paths to the remote server, escape them properly.
Escape them with a single quote, followed by the escaped character,
followed by another single quote. This prevents misparsing on the
remote side and potential command injection.
This commit is contained in:
Edward Thomson
2025-10-13 22:32:52 +01:00
parent 11b9586e35
commit 12998e8cad
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/libgit2/transports/ssh_exec.c
View File

@@ -189,7 +189,7 @@ static int get_ssh_cmdline(
if ((error = git_str_puts(&remote_cmd, command)) < 0 ||
(error = git_str_puts(&remote_cmd, " '")) < 0 ||
(error = git_str_puts(&remote_cmd, url->path)) < 0 ||
(error = git_str_puts_escaped(&remote_cmd, url->path, "'!", "'\\", "'")) < 0 ||
(error = git_str_puts(&remote_cmd, "'")) < 0 ||
(error = git_vector_insert(args, git_str_detach(&remote_cmd))) < 0)
goto done;