diff -ru dulwich-0.12.0.orig/NEWS dulwich-0.12.0/NEWS
--- dulwich-0.12.0.orig/NEWS 2015-12-13 15:31:07.000000000 +0000
+++ dulwich-0.12.0/NEWS 2018-10-27 01:02:17.081393785 +0000
@@ -1,3 +1,8 @@
+0.12.0-1.1 mga
+ * Prevent setting SSH arguments from SSH URLs when using SSH through a
+ subprocess. Note that Dulwich doesn't support cloning submodules.
+ (CVE 2017-1000117) (Jelmer Vernooij)
+
 0.12.0 2015-12-13
 
 IMPROVEMENTS
diff -ru dulwich-0.12.0.orig/dulwich/client.py dulwich-0.12.0/dulwich/client.py
--- dulwich-0.12.0.orig/dulwich/client.py 2018-10-27 01:00:29.862986093 +0000
+++ dulwich-0.12.0/dulwich/client.py 2018-10-27 01:03:26.270350253 +0000
@@ -866,6 +866,13 @@
 raise NotImplementedError(self.run_command)
 
 
+class StrangeHostname(Exception):
+ """Refusing to connect to strange SSH hostname."""
+
+ def __init__(self, hostname):
+ super(StrangeHostname, self).__init__(hostname)
+
 class SubprocessSSHVendor(SSHVendor):
 """SSH vendor that shells out to the local 'ssh' command."""
 
@@ -876,6 +876,8 @@
 args.extend(['-p', str(port)])
 if username is not None:
 host = '%s@%s' % (username, host)
+ if host.startswith('-'):
+ raise StrangeHostname(hostname=host)
 args.append(host)
 proc = subprocess.Popen(args + [command], stdin=subprocess.PIPE,
diff -ru dulwich-0.12.0.orig/dulwich/tests/test_client.py dulwich-0.12.0/dulwich/tests/test_client.py
--- dulwich-0.12.0.orig/dulwich/tests/test_client.py 2015-12-13 15:31:07.000000000 +0000
+++ dulwich-0.12.0/dulwich/tests/test_client.py 2018-10-27 01:04:50.549081963 +0000
@@ -35,6 +35,8 @@
 HttpGitClient,
 ReportStatusParser,
 SendPackError,
+ StrangeHostname,
+ SubprocessSSHVendor,
 UpdateRefsError,
 get_transport_and_path,
 get_transport_and_path_from_url,
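Review bot: The `host.startswith('-')` check in the second client.py hunk runs only after `host` has already been rewritten to `'%s@%s' % (username, host)`, so a host beginning with '-' is rejected only when no username was supplied; with a username the argument ssh receives is `user@-host`, which OpenSSH should parse as a destination rather than an option, but the guard then rests on that parsing detail instead of on the value the URL actually carried. Adding the same test on the raw host above the `if username is not None:` line, `if host.startswith('-'): raise StrangeHostname(hostname=host)`, rejects the value at its source while the existing check keeps covering a username that itself begins with '-'. The rest of the argument order is sound: `command` is appended after the destination, so ssh treats it as the remote command rather than an option. run_command's signature and the initial construction of `args` lie outside this hunk.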
@@ -516,6 +518,12 @@
 setattr(Subprocess, 'can_read', lambda: None)
 return Subprocess()
 
 
+class SubprocessSSHVendorTests(TestCase):
+
+ def test_run_command_dashes(self):
+ vendor = SubprocessSSHVendor()
+ self.assertRaises(StrangeHostname, vendor.run_command, '--weird-host',
+ 'git-clone-url')
 class SSHGitClientTests(TestCase):
 
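Review bot: `test_run_command_dashes` only exercises the call without a username, although the value `run_command` inspects is the combined `user@host` string whenever one is given; a second assertion such as `self.assertRaises(StrangeHostname, vendor.run_command, '-weird-host', 'git-clone-url', username='-user')` would cover that branch as well, and a one-line docstring on the test naming CVE 2017-1000117 would tell future readers why it exists. The added class also appears to run straight into `class SSHGitClientTests` without the two blank lines PEP 8 expects between top-level definitions, though the collapsed layout of this hunk makes that uncertain.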