summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorToshi MARUYAMA <marutosijp2@yahoo.co.jp>2017-12-07 12:22:22 +0000
committerToshi MARUYAMA <marutosijp2@yahoo.co.jp>2017-12-07 12:22:22 +0000
commit3481b49a1aea34d32dd9ae9a9bac2f2af4523cc0 (patch)
treee8d94e71fffa9d95ef679edd44ff43fc673a138c /plugins
parentd9d803abb5424bd12ce83b1da0b05b3fe1577cfe (diff)
downloadredmine-3481b49a1aea34d32dd9ae9a9bac2f2af4523cc0.tar.gz
redmine-3481b49a1aea34d32dd9ae9a9bac2f2af4523cc0.zip
Merged r17060 from trunk to 3.2-stable (#27516)
mercurial: reject malicious command argument We've got a security report from the Phabricator team, which basically says --config and --debugger arguments can be injected anywhere to lead to an arbitrary command execution. https://secure.phabricator.com/rPa7921a4448093d00defa8bd18f35b8c8f8bf3314 This is a fundamental issue of the argument parsing rules in Mercurial, which allows extensions to populate their parsing rules and such extensions can be loaded by "--config extensions.<name>=". There's a chicken and egg problem. We're working on hardening the parsing rules, but which won't come in by default as it would be a behavior change. This patch adds a verification to reject malicious command arguments as a last ditch. The subsequent patches will fix the problem in more appropriate way. Contributed by Yuya Nishihara. git-svn-id: http://svn.redmine.org/redmine/branches/3.2-stable@17074 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'plugins')
0 files changed, 0 insertions, 0 deletions