Source file

From 9ad458f2a70837caa6413a628f0363a0426062bc Mon Sep 17 00:00:00 2001
From: Robert Cranston <rcrnstn@rcrnstn.net>
Date: Sat, 25 Apr 2020 18:57:58 +0200
Subject: [PATCH] Split $SSH_ORIGINAL_COMMAND with Text::ParseWords shellwords

---
 src/commands/option    | 4 ++--
 src/gitolite-shell     | 4 ++--
 src/lib/Gitolite/Rc.pm | 2 --
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/commands/option b/src/commands/option
index de49aab..9ced20e 100755
--- a/src/commands/option
+++ b/src/commands/option
@@ -106,8 +106,8 @@ if ( $op eq 'list' ) {
 # ----------------------------------------------------------------------
 # that leaves 'add' or 'del'
 
-# NOTE: sanity check on characters in key and val not needed;
-# REMOTE_COMMAND_PATT is more restrictive than UNSAFE_PATT anyway!
+_die "forbidden charachters in '$key'" if $key !~ $UNSAFE_PATT;
+_die "forbidden charachters in '$val'" if $val !~ $UNSAFE_PATT;
 
 # check if the key is allowed
 my $user_options = option( $repo, 'user-options' );
diff --git a/src/gitolite-shell b/src/gitolite-shell
index 072e0ff..3982010 100755
--- a/src/gitolite-shell
+++ b/src/gitolite-shell
@@ -4,6 +4,7 @@
 # ----------------------------------------------------------------------
 
 use FindBin;
+use Text::ParseWords;
 
 BEGIN { $ENV{GL_BINDIR} = $FindBin::RealBin; }
 BEGIN { $ENV{GL_LIBDIR} = "$ENV{GL_BINDIR}/lib"; }
@@ -172,10 +173,9 @@ sub parse_soc {
     # after this we should not return; caller expects us to handle it all here
     # and exit out
 
-    my @words = split ' ', $soc;
+    my @words = shellwords($soc);
     if ( $rc{COMMANDS}{ $words[0] } ) {
         if ( $rc{COMMANDS}{ $words[0] } ne 'ua' ) {
-            _die "suspicious characters loitering about '$soc'" if $soc !~ $REMOTE_COMMAND_PATT;
             _die "no relative paths allowed anywhere!" if $soc =~ m(\.\./);
         }
         trace( 2, "gitolite command", $soc );
diff --git a/src/lib/Gitolite/Rc.pm b/src/lib/Gitolite/Rc.pm
index 41996fb..d651867 100644
--- a/src/lib/Gitolite/Rc.pm
+++ b/src/lib/Gitolite/Rc.pm
@@ -12,7 +12,6 @@ package Gitolite::Rc;
   trigger
   _which
 
-  $REMOTE_COMMAND_PATT
   $REF_OR_FILENAME_PATT
   $REPONAME_PATT
   $REPOPATT_PATT
@@ -46,7 +45,6 @@ $rc{LOG_TEMPLATE}  = "$ENV{HOME}/.gitolite/logs/gitolite-%y-%m.log";
 # ----------------------------------------------------------------------
 
 #<<<
-$REMOTE_COMMAND_PATT  =                qr(^[-0-9a-zA-Z._\@/+ :,\%=]*$);
 $REF_OR_FILENAME_PATT =     qr(^[0-9a-zA-Z][-0-9a-zA-Z._\@/+ :,]*$);
 $REPONAME_PATT        =  qr(^\@?[0-9a-zA-Z][-0-9a-zA-Z._\@/+]*$);
 $REPOPATT_PATT        = qr(^\@?[[0-9a-zA-Z][-0-9a-zA-Z._\@/+\\^$|()[\]*?{},]*$);
-- 
2.17.1