Fossil SCM
Allow remote commands of the form "*/fossil.exe" on the "ssh:" protocol.
Commit
8f70ccaac82d0e30e00158841d1715f14d279687892ba5202cf9f876394a85b8
Parent
ef41fbfa598dd7f…
1 file changed
+1
-1
+1
-1
| --- src/http_transport.c | ||
| +++ src/http_transport.c | ||
| @@ -80,11 +80,11 @@ | ||
| 80 | 80 | ** Check zFossil to see if it is a reasonable "fossil" command to |
| 81 | 81 | ** run on the server. Do not allow an attacker to substitute something |
| 82 | 82 | ** like "/bin/rm". |
| 83 | 83 | */ |
| 84 | 84 | static int is_safe_fossil_command(const char *zFossil){ |
| 85 | - static const char *const azSafe[] = { "*/fossil", "*/echo" }; | |
| 85 | + static const char *const azSafe[] = { "*/fossil", "*/fossil.exe", "*/echo" }; | |
| 86 | 86 | int i; |
| 87 | 87 | for(i=0; i<sizeof(azSafe)/sizeof(azSafe[0]); i++){ |
| 88 | 88 | if( sqlite3_strglob(azSafe[i], zFossil)==0 ) return 1; |
| 89 | 89 | if( strcmp(azSafe[i]+2, zFossil)==0 ) return 1; |
| 90 | 90 | } |
| 91 | 91 |
| --- src/http_transport.c | |
| +++ src/http_transport.c | |
| @@ -80,11 +80,11 @@ | |
| 80 | ** Check zFossil to see if it is a reasonable "fossil" command to |
| 81 | ** run on the server. Do not allow an attacker to substitute something |
| 82 | ** like "/bin/rm". |
| 83 | */ |
| 84 | static int is_safe_fossil_command(const char *zFossil){ |
| 85 | static const char *const azSafe[] = { "*/fossil", "*/echo" }; |
| 86 | int i; |
| 87 | for(i=0; i<sizeof(azSafe)/sizeof(azSafe[0]); i++){ |
| 88 | if( sqlite3_strglob(azSafe[i], zFossil)==0 ) return 1; |
| 89 | if( strcmp(azSafe[i]+2, zFossil)==0 ) return 1; |
| 90 | } |
| 91 |
| --- src/http_transport.c | |
| +++ src/http_transport.c | |
| @@ -80,11 +80,11 @@ | |
| 80 | ** Check zFossil to see if it is a reasonable "fossil" command to |
| 81 | ** run on the server. Do not allow an attacker to substitute something |
| 82 | ** like "/bin/rm". |
| 83 | */ |
| 84 | static int is_safe_fossil_command(const char *zFossil){ |
| 85 | static const char *const azSafe[] = { "*/fossil", "*/fossil.exe", "*/echo" }; |
| 86 | int i; |
| 87 | for(i=0; i<sizeof(azSafe)/sizeof(azSafe[0]); i++){ |
| 88 | if( sqlite3_strglob(azSafe[i], zFossil)==0 ) return 1; |
| 89 | if( strcmp(azSafe[i]+2, zFossil)==0 ) return 1; |
| 90 | } |
| 91 |