Author: philip
Date: Thu Aug 10 19:18:09 2017
New Revision: 1804708
URL: http://svn.apache.org/viewvc?rev=1804708&view=rev
Log:
On branches/1.6-CVE-2017-9800: merge CVE fix from trunk and adapt
to work with this old branch.
* subversion/libsvn_ra_svn/client.c: Merge, add svn_ctype_isalnum.
* subversion/libsvn_subr/config_file.c: Merge.
Modified:
subversion/branches/1.6.x-CVE-2017-9800/ (props changed)
subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_ra_svn/client.c
subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_subr/config_file.c
Propchange: subversion/branches/1.6.x-CVE-2017-9800/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Aug 10 19:18:09 2017
@@ -136,4 +136,4 @@
/subversion/branches/tc_url_rev:874351-874483
/subversion/branches/tree-conflicts:868291-873154
/subversion/branches/tree-conflicts-notify:873926-874008
-/subversion/trunk:875965,875968,876004,876012,876017,876019,876022,876024,876032,876041-876042,876048,876051,876055-876056,876059,876083,876091,876097,876101,876104,876109,876123-876125,876129,876132,876138,876160,876167,876175,876180,876185,876205,876223-876225,876230,876233,876245,876252,876256,876283,876287,876312,876326-876327,876330,876366,876372,876374,876376,876383,876386,876442,876456-876457,876462-876464,876467,876469,876480,876486,876495-876497,876516-876518,876524,876526,876583,876601,876614-876615,876628,876633,876641,876645,876659,876687,876689,876705,876715,876726,876760,876763,876794,876804,876815-876816,876821,876825,876837,876840-876841,876843,876849,876857-876858,876862,876873,876890,876897,876905,876908,876925,876931,876934,876948-876949,876953,876987,876993,877011,877014,877016,877028-877029,877038,877119,877127,877146,877157,877191,877195,877203,877211,877230,877234,877237,877243,877249,877259,877261,877304,877319,877407,877437,877441-877442,877453,877459,877472
,877544,877553,877565,877568,877573,877593,877595,877597,877601,877612,877665,877667,877681,877692,877696,877701,877720,877730,877784,877793,877797,877809,877814-877815,877819,877821,877842,877848,877853,877867,877869,877873,877901,877909,877916,877931,877942,877953,877964,877968,877970,877981-877982,878005,878013,878015,878020,878046,878053,878062,878074,878080,878089,878091,878093,878095,878127,878129,878131,878142,878173-878176,878216,878240,878242,878255,878269,878272,878279,878296-878297,878303,878321,878335,878338,878341,878343,878353,878364,878367-878368,878385,878399,878423,878426,878447,878462,878484,878491,878498,878532,878590,878595,878607,878625-878627,878646,878659,878673,878682-878683,878690-878691,878693,878723,878760-878761,878873,878875,878877,878879,878905,878910-878911,878915-878916,878924-878925,878946,878949,878955,878960,878970,878981,879001,879033,879056,879074,879076,879081-879082,879093,879105,879126,879148,879170,879198-879199,879201,879271,879293,879357,87
9375-879376,879403,879631,879635-879636,879688,879709-879711,879747,879902,879916,879954,879961,879966,879971,880027,880082,880095,880105,880146,880162,880226,880274-880275,880370,880450,880461,880474,880525-880526,880552,881905,884842,886164,886197,888715,888979,889081,889840,891672,892050,892085,893478,895514,895653,896522,896893,896901,896915,898048,898963,899826,899828,900797,901304,901752,902093,902467,904301,904394,904594,905303,905326,906256,906305,906587,907644,908980-908981,917523,917640,918211,922516,923389,923391,926151,926167,927323,927328,931209,931211,931392,931568,932942,933299,934599,934603,935631,935992,935996,937610,939000,939002,939375-939376,944635,945350,946355,946767,947006,947833,948512,948916,949307,950931,950933,951753,952992,953317,955369,957507,958024,959004,959760,961055,961970,962377-962378,964167,964349,964767,965405,965469,965508,966167,979045,979429,980811,981449,981921,984565,984928,984931,991534,992114,996884,997026,997070,997457,997466,997471,99747
4,1000038,1000060,1000607,1000612,1001009,1002094,1005446,1022675,1024269,1027957,1028084,1028108,1028125,1031165,1031186,1032808,1033166,1033290,1033665,1033685,1033921,1034557,1035745,1036429,1036534,1036978,1037762,1038792,1039040,1041438,1041638,1051632,1051638,1051733,1051744-1051745,1051751,1051761,1051763,1051775,1051778,1051968,1051978,1051988,1052029,1052041,1052068,1053185,1053208,1053233,1053499,1053984,1058269,1058722,1063572-1063573,1063592,1063870,1063946,1064839,1066249,1066270,1066276,1068988,1070912,1071239,1071307,1072084,1072953,1074572,1076730,1076759,1076826,1078954,1081255,1084575,1084581,1084764,1084962,1084978,1086222,1088602,1094692,1095654,1098608,1102803,1103665,1104309,1125983,1125998,1126007,1126810,1130303,1130448,1134734,1144316,1146870,1151036,1151911,1152282,1154733,1166555,1166678,1178280,1178282,1186121,1186231,1205726,1230212,1235264,1235296,1235302,1235736,1240619,1240752,1241626,1291429,1291446,1291520,1291680,1291704,1291726,1291941,1292248,129
2255,1292260,1292296,1292322,1292507,1292516,1292768,1292926,1294470,1302399,1302539,1302591,1302613,1306111,1310535,1310594,1330410,1338810,1339164,1345740,1352031,1387226,1390653,1402417,1403964,1403982,1410106,1410203,1426264,1443763,1443929,1453780,1455352,1461562,1461580,1461701,1462300,1462302,1462321,1462334,1481627,1485350,1485497
+/subversion/trunk:875965,875968,876004,876012,876017,876019,876022,876024,876032,876041-876042,876048,876051,876055-876056,876059,876083,876091,876097,876101,876104,876109,876123-876125,876129,876132,876138,876160,876167,876175,876180,876185,876205,876223-876225,876230,876233,876245,876252,876256,876283,876287,876312,876326-876327,876330,876366,876372,876374,876376,876383,876386,876442,876456-876457,876462-876464,876467,876469,876480,876486,876495-876497,876516-876518,876524,876526,876583,876601,876614-876615,876628,876633,876641,876645,876659,876687,876689,876705,876715,876726,876760,876763,876794,876804,876815-876816,876821,876825,876837,876840-876841,876843,876849,876857-876858,876862,876873,876890,876897,876905,876908,876925,876931,876934,876948-876949,876953,876987,876993,877011,877014,877016,877028-877029,877038,877119,877127,877146,877157,877191,877195,877203,877211,877230,877234,877237,877243,877249,877259,877261,877304,877319,877407,877437,877441-877442,877453,877459,877472
,877544,877553,877565,877568,877573,877593,877595,877597,877601,877612,877665,877667,877681,877692,877696,877701,877720,877730,877784,877793,877797,877809,877814-877815,877819,877821,877842,877848,877853,877867,877869,877873,877901,877909,877916,877931,877942,877953,877964,877968,877970,877981-877982,878005,878013,878015,878020,878046,878053,878062,878074,878080,878089,878091,878093,878095,878127,878129,878131,878142,878173-878176,878216,878240,878242,878255,878269,878272,878279,878296-878297,878303,878321,878335,878338,878341,878343,878353,878364,878367-878368,878385,878399,878423,878426,878447,878462,878484,878491,878498,878532,878590,878595,878607,878625-878627,878646,878659,878673,878682-878683,878690-878691,878693,878723,878760-878761,878873,878875,878877,878879,878905,878910-878911,878915-878916,878924-878925,878946,878949,878955,878960,878970,878981,879001,879033,879056,879074,879076,879081-879082,879093,879105,879126,879148,879170,879198-879199,879201,879271,879293,879357,87
9375-879376,879403,879631,879635-879636,879688,879709-879711,879747,879902,879916,879954,879961,879966,879971,880027,880082,880095,880105,880146,880162,880226,880274-880275,880370,880450,880461,880474,880525-880526,880552,881905,884842,886164,886197,888715,888979,889081,889840,891672,892050,892085,893478,895514,895653,896522,896893,896901,896915,898048,898963,899826,899828,900797,901304,901752,902093,902467,904301,904394,904594,905303,905326,906256,906305,906587,907644,908980-908981,917523,917640,918211,922516,923389,923391,926151,926167,927323,927328,931209,931211,931392,931568,932942,933299,934599,934603,935631,935992,935996,937610,939000,939002,939375-939376,944635,945350,946355,946767,947006,947833,948512,948916,949307,950931,950933,951753,952992,953317,955369,957507,958024,959004,959760,961055,961970,962377-962378,964167,964349,964767,965405,965469,965508,966167,979045,979429,980811,981449,981921,984565,984928,984931,991534,992114,996884,997026,997070,997457,997466,997471,99747
4,1000038,1000060,1000607,1000612,1001009,1002094,1005446,1022675,1024269,1027957,1028084,1028108,1028125,1031165,1031186,1032808,1033166,1033290,1033665,1033685,1033921,1034557,1035745,1036429,1036534,1036978,1037762,1038792,1039040,1041438,1041638,1051632,1051638,1051733,1051744-1051745,1051751,1051761,1051763,1051775,1051778,1051968,1051978,1051988,1052029,1052041,1052068,1053185,1053208,1053233,1053499,1053984,1058269,1058722,1063572-1063573,1063592,1063870,1063946,1064839,1066249,1066270,1066276,1068988,1070912,1071239,1071307,1072084,1072953,1074572,1076730,1076759,1076826,1078954,1081255,1084575,1084581,1084764,1084962,1084978,1086222,1088602,1094692,1095654,1098608,1102803,1103665,1104309,1125983,1125998,1126007,1126810,1130303,1130448,1134734,1144316,1146870,1151036,1151911,1152282,1154733,1166555,1166678,1178280,1178282,1186121,1186231,1205726,1230212,1235264,1235296,1235302,1235736,1240619,1240752,1241626,1291429,1291446,1291520,1291680,1291704,1291726,1291941,1292248,129
2255,1292260,1292296,1292322,1292507,1292516,1292768,1292926,1294470,1302399,1302539,1302591,1302613,1306111,1310535,1310594,1330410,1338810,1339164,1345740,1352031,1387226,1390653,1402417,1403964,1403982,1410106,1410203,1426264,1443763,1443929,1453780,1455352,1461562,1461580,1461701,1462300,1462302,1462321,1462334,1481627,1485350,1485497,1804691
Modified:
subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_ra_svn/client.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_ra_svn/client.c?rev=1804708&r1=1804707&r2=1804708&view=diff
==============================================================================
--- subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_ra_svn/client.c
(original)
+++ subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_ra_svn/client.c
Thu Aug 10 19:18:09 2017
@@ -381,7 +381,7 @@ static svn_error_t *find_tunnel_agent(co
* versions have it too. If the user is using some other ssh
* implementation that doesn't accept it, they can override it
* in the [tunnels] section of the config. */
- val = "$SVN_SSH ssh -q";
+ val = "$SVN_SSH ssh -q --";
}
if (!val || !*val)
@@ -421,7 +421,7 @@ static svn_error_t *find_tunnel_agent(co
;
*argv = apr_palloc(pool, (n + 4) * sizeof(char *));
memcpy((void *) *argv, cmd_argv, n * sizeof(char *));
- (*argv)[n++] = svn_path_uri_decode(hostinfo, pool);
+ (*argv)[n++] = hostinfo;
(*argv)[n++] = "svnserve";
(*argv)[n++] = "-t";
(*argv)[n] = NULL;
@@ -676,7 +676,43 @@ ra_svn_get_schemes(apr_pool_t *pool)
return schemes;
}
+static svn_boolean_t
+svn_ctype_isalnum(const char c)
+{
+ if ((c >= 'A' && c <= 'Z')
+ || (c >= 'a' && c <= 'z')
+ || (c >= '0' && c <= '9'))
+ return TRUE;
+ return FALSE;
+}
+
+
+/* A simple whitelist to ensure the following are valid:
+ * user@server
+ * [::1]:22
+ * server-name
+ * server_name
+ * 127.0.0.1
+ * with an extra restriction that a leading '-' is invalid.
+ */
+static svn_boolean_t
+is_valid_hostinfo(const char *hostinfo)
+{
+ const char *p = hostinfo;
+
+ if (p[0] == '-')
+ return FALSE;
+ while (*p)
+ {
+ if (!svn_ctype_isalnum(*p) && !strchr(":.-_[]@", *p))
+ return FALSE;
+
+ ++p;
+ }
+
+ return TRUE;
+}
static svn_error_t *ra_svn_open(svn_ra_session_t *session, const char *url,
const svn_ra_callbacks2_t *callbacks,
@@ -695,8 +731,17 @@ static svn_error_t *ra_svn_open(svn_ra_s
parse_tunnel(url, &tunnel, pool);
if (tunnel)
- SVN_ERR(find_tunnel_agent(tunnel, uri.hostinfo, &tunnel_argv, config,
- pool));
+ {
+ const char *decoded_hostinfo;
+
+ decoded_hostinfo = svn_path_uri_decode(uri.hostinfo, pool);
+ if (!is_valid_hostinfo(decoded_hostinfo))
+ return svn_error_createf(SVN_ERR_BAD_URL, NULL, _("Invalid host '%s'"),
+ uri.hostinfo);
+
+ SVN_ERR(find_tunnel_agent(tunnel, decoded_hostinfo, &tunnel_argv,
+ config, pool));
+ }
else
tunnel_argv = NULL;
Modified:
subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_subr/config_file.c
URL:
http://svn.apache.org/viewvc/subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_subr/config_file.c?rev=1804708&r1=1804707&r2=1804708&view=diff
==============================================================================
---
subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_subr/config_file.c
(original)
+++
subversion/branches/1.6.x-CVE-2017-9800/subversion/libsvn_subr/config_file.c
Thu Aug 10 19:18:09 2017
@@ -1009,12 +1009,12 @@ svn_config_ensure(const char *config_dir
"### passed to the tunnel agent as <user>@<hostname>.) If the" NL
"### built-in ssh scheme were not predefined, it could be defined" NL
"### as:" NL
- "# ssh = $SVN_SSH ssh -q" NL
+ "# ssh = $SVN_SSH ssh -q --" NL
"### If you wanted to define a new 'rsh' scheme, to be used with" NL
"### 'svn+rsh:' URLs, you could do so as follows:" NL
- "# rsh = rsh" NL
+ "# rsh = rsh --" NL
"### Or, if you wanted to specify a full path and arguments:" NL
- "# rsh = /path/to/rsh -l myusername" NL
+ "# rsh = /path/to/rsh -l myusername --" NL
"### On Windows, if you are specifying a full path to a command," NL
"### use a forward slash (/) or a paired backslash (\\\\) as the" NL
"### path separator. A single backslash will be treated as an" NL
