Package: git
Version: 1:2.8.1+next.20160414-1
Severity: normal
File: /usr/lib/git-core/git-sh-prompt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I run bash with "failglob", so I notice when scripts process data
involving ? or * without proper escaping. I noticed that this snippet in
/usr/lib/git-core/git-sh-prompt
is vulnerable:

                # get the upstream from the "git-svn-id: ..." in a commit message
                # (git-svn uses essentially the same procedure internally)
                local -a svn_upstream
                svn_upstream=($(git log --first-parent -1 \
                                        --grep="^git-svn-id: \(${svn_url_pattern#??}\)" 2>/dev/null))
                if [[ 0 -ne ${#svn_upstream[@]} ]]; then
                        svn_upstream=${svn_upstream[${#svn_upstream[@]} - 2]}
                        svn_upstream=${svn_upstream%@*}
                        local n_stop="${#svn_remote[@]}"
                        for ((n=1; n <= n_stop; n++)); do
                                svn_upstream=${svn_upstream#${svn_remote[$n]}}
                        done

                        if [[ -z "$svn_upstream" ]]; then
                                # default branch name for checkouts with no layout:
                                upstream=${GIT_SVN_ID:-git-svn}
                        else
                                upstream=${svn_upstream#/}
                        fi
                elif [[ "svn+git" = "$upstream" ]]; then
                        upstream="@{upstream}"
                fi
                ;;

If the commit message in question contains a ? or *, then bash complains.

A fix is probably to put quotes around $(git log ...).

This might be security relevant.

Greetings,
Joachim

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages git depends on:
ii  git-man                           1:2.8.1+next.20160414-1
ii  libc6                             2.23-1
ii  libcurl3-gnutls                   7.47.0-1
ii  liberror-perl                     0.17-1.3
ii  libexpat1                         2.2.0-1
ii  libpcre3                          2:8.38-3.1
ii  perl-modules-5.22 [perl-modules]  5.22.2-2
ii  zlib1g                            1:1.2.8.dfsg-2+b1

Versions of packages git recommends:
ii  less                         481-2.1
ii  openssh-client [ssh-client]  1:7.2p2-5
ii  patch                        2.7.5-1
ii  rsync                        3.1.1-3

Versions of packages git suggests:
ii  gettext-base                          0.19.8.1-1
pn  git-arch                              <none>
pn  git-cvs                               <none>
pn  git-daemon-run | git-daemon-sysvinit  <none>
pn  git-doc                               <none>
pn  git-el                                <none>
pn  git-email                             <none>
pn  git-gui                               <none>
pn  git-mediawiki                         <none>
ii  git-svn                               1:2.8.1+next.20160414-1
pn  gitk                                  <none>
pn  gitweb                                <none>

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAleMpPQACgkQ9ijrk0dDIGyE6ACaA8ygj1gOFt535YBdNeB3Eny4
vWEAoMJxCdyU4gzdoNLyokg8Ve2wgq90
=N+fZ
-----END PGP SIGNATURE-----
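
Added example, not part of the original report and not code from git-sh-prompt: it reproduces the array assignment pattern quoted above with a constructed stand-in for the `git log` output, next to a variant that splits into words with pathname expansion disabled. The function names, the sample URL and UUID, and the file names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from git-sh-prompt. Arrays need bash, so re-exec
# if this file was started by a plain POSIX sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Constructed stand-in for the `git log` output: the commit message contains
# a glob character ahead of the git-svn-id line. URL and UUID are made up.
sample_log() {
    printf '%s\n' 'commit 0000000' '' '    Handle * in names' '' \
        '    git-svn-id: https://svn.example.org/repo/trunk@42 00000000-0000'
}

# Pattern from the report: unquoted $(...) inside an array assignment is
# word-split and then pathname-expanded against the directory given as $1.
# Prints one array element per line.
words_unquoted() (
    cd "$1" || exit 1
    words=($(sample_log))
    printf '%s\n' "${words[@]}"
)

# Same splitting with pathname expansion switched off; the subshell body
# keeps `set -f` from leaking into the caller.
words_noglob() (
    cd "$1" || exit 1
    set -f
    words=($(sample_log))
    printf '%s\n' "${words[@]}"
)

# Demo: a scratch directory holding two constructed files.
demo_dir=$(mktemp -d)
: > "$demo_dir/a.txt"; : > "$demo_dir/b.txt"
echo "unquoted: $(words_unquoted "$demo_dir" | tr '\n' ' ')"
echo "noglob:   $(words_noglob "$demo_dir" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

In the unquoted variant the `*` from the commit message is replaced by the names of files in the current directory, so the array's length and contents depend on both the commit text and the working tree.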